Security News > 2023 > October > Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
1Password also affected by Okta Support System breachFollowing in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach.
Microsoft announces wider availability of AI-powered Security CopilotMicrosoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program.
VMware patches critical vulnerability in vCenter ServerVMware has fixed a critical out-of-bounds write vulnerability and a moderate-severity information disclosure flaw in vCenter Server, its popular server management software.
Navigating OT/IT convergence and securing ICS environmentsIn this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint Security, discusses securing the control systems environment, as well as creating a cybersecurity roadmap.
What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoTThe reactive nature of cybersecurity has led to a reality in which boards and executive leaders attempt to mitigate risk by tasking security teams to avoid risk.
Raven: Open-source CI/CD pipeline security scannerRaven is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs.
- Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution (source)
- GitLab warns of critical zero-click account hijacking vulnerability (source)
- Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches (source)
- Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers (source)
- Patch now: Critical VMware, Atlassian flaws found (source)
- Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! (source)
- VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) (source)
- VMware confirms critical vCenter flaw now exploited in attacks (source)
- Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! (source)
- Critical vulnerability in Mastodon is pounced upon by fast-acting admins (source)