Security News

Week in review: Sumo Logic breach, 7 free cyber threat maps, Patch Tuesday forecast
2023-11-12 09:00

Aqua Trivy open-source security scanner now finds Kubernetes security risksThe Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation. Sumo Logic discloses potential breach via compromised AWS credentialCloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday.

November 2023 Patch Tuesday forecast: Year 21 begins
2023-11-10 06:00

The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10, and 61 in Server 2012 R2. While Server 2012 and Server 2012 R2 may be in good shape for the short term, please don't count on it for long, and don't forget they are moving into Extended Security Updates this month. Software updates across the board had been haphazard and happenstance until that second Tuesday in October 2003.

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
2023-11-07 05:08

Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. Fixes for the issues are available in the below versions -.

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
2023-11-06 16:55

QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8),...

Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security
2023-11-03 16:02

Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defenses. The long and short of it is that Microsoft is pushing the big AI button a few more times, more deeply embedding the tech throughout its security operations and products.

Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian
2023-10-31 05:05

Atlassian has told customers they "Must take immediate action" to address a newly discovered flaw in its Confluence collaboration tool. An advisory issued on October 31st warns of CVE-2023-22518, described as an "Improper authorization vulnerability in Confluence Data Center and Server", the on-prem versions of Atlassian's products.

RCE exploit for Wyze Cam v3 publicly released, patch now
2023-10-30 20:46

A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices. Security researcher Peter Geissler recently discovered two flaws in the latest Wyze Cam v3 firmware that can be chained together for remote code execution on vulnerable devices.

Apple drops urgent patch against obtuse TriangleDB iPhone malware
2023-10-26 21:15

Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops. This is the second patch that Apple has issued to fix the vulnerability.

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
2023-10-25 10:11

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS...

Citrix urges 'immediate; patch for critical NetScaler bug as exploit POC made public
2023-10-24 21:00

Citrix has urged admins to "Immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited. Plus, there's a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub.