Security News

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!
2023-07-14 19:58

Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says "Could potentially impact the confidentiality and integrity of your data." The vulnerability is what's known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X, such as clicking through to site Y, gives the operator of site X a sneaky chance to implant rogue JavaScript code into the web pages that your browser receives back from Y. This, in turn, means that X may end up with access to your account on site Y, by reading out and perhaps even modifying data that would otherwise be private to Y, such as your account details, login cookies, authentication tokens, transaction history, and so on.

Apple re-releases zero-day patch after fixing browsing issue
2023-07-12 21:27

"Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday. Today, Apple started pushing iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 Security Response updates that address the web browsing issues.

SonicWall warns admins to patch critical auth bypass bugs immediately
2023-07-12 20:08

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites."This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.

Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws
2023-07-11 17:49

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities. "An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default," warns Microsoft.

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari
2023-07-11 04:08

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.

CISA warns govt agencies to patch actively exploited Android driver
2023-07-07 18:54

CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month's Android security updates. With this month's security updates for the Android operating system, Google patched two more security flaws tagged as being exploited in attacks.

MOVEit Transfer customers warned to patch new critical flaw
2023-07-07 12:35

"An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," reads Progress's security bulletin. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content" - MOVEit Transfer advisory.

July 2023 Patch Tuesday forecast: A month of instability and uncertainty
2023-07-07 09:07

There's been a lot of activity with Microsoft this month which may impact updates we'll see. Starting on Patch Tuesday, the application of Windows 11 22H2 KB5027231 cumulative update broke Google Chrome for users running Malwarebytes, Cisco Secure Endpoint, and WatchGuard Endpoint Security - they were not able to launch Google Chrome.

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
2023-07-07 07:24

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities.Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.

WordPress plugin lets users become admins – Patch early, patch often!
2023-07-03 19:48

If you run a WordPress site with the Ultimate Members plugin installed, make sure you've updated it to the latest version. The plugin doesn't allow users to enter this value, but this filter turns out to be easy to bypass, making it possible to edit wp capabilities and become an admin.