Security News

September 2023 Patch Tuesday forecast: Important Federal government news
2023-09-08 05:08

The last security updates will be issued next month on the October Patch Tuesday. September 2023 Patch Tuesday forecast Microsoft will probably up their game on CVEs addressed this month, but don't expect the breadth of updates we saw last month.

Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets
2023-09-07 18:36

Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.

Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
2023-09-06 14:02

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.

Using WinRAR? Be sure to patch against these code execution bugs…
2023-08-23 19:55

WinRAR could start a wrong file after a user double- clicked an item in a specially crafted archive. That's a bit like receiving an email containing a safe-looking attachment along with a risky-looking one, deciding to start by investigating only the safe-looking one, but unknowingly firing up the risky file instead. From what we can tell, and in another irony, this bug existed in WinRAR's code for unpacking ZIP files, not in the code for processing its very own RAR file format.

Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
2023-08-22 10:34

Ivanti is urging administrators of Ivanti Sentry gateways to patch a newly discovered vulnerability that could be exploited to change configuration, run system commands, or write files onto the vulnerable system. CVE-2023-38035 is an API authentication bypass flaw that may enable unauthenticated attackers to access APIs that are used to configure the Ivanti Sentry on the administrator portal/interface, which runs by default on port 8443.

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
2023-08-21 11:39

A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats. CVE-2023-40477 is a remote code execution vulnerability that could allow remote threat actors to execute arbitrary code on an affected WinRAR installation.

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now
2023-08-19 07:38

Networking hardware company Juniper Networks has released an "Out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. They affect all versions of Junos OS on SRX and EX Series.

Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild
2023-08-17 21:55

Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the business IT player fixed earlier this summer. Uncle Sam's Cybersecurity and Infrastructure Security Agency on Wednesday warned that criminals have exploited CVE-2023-24489, a 9.8-of-10-severity improper-access-control bug in Citrix ShareFile.

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
2023-08-09 20:34

The August 2023 Microsoft security updates are out, with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft's offical bug listing page is topped by two special items dubbed Exploitation Detected.

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ
2023-08-08 19:34

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in. There is a Microsoft Office "Defense in Depth Update" available that, according to Microsoft, stops the attack chain leading to CVE-2023-36884, a Windows Search RCE vulnerability that has been previously exploited by Russian hackers in targeted attacks.