Security News

Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws
2022-12-13 18:27

Today is Microsoft's December 2022 Patch Tuesday, and with it come fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. Six of the 49 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.

Hackers exploit critical Citrix ADC and Gateway zero day, patch now
2022-12-13 15:07

Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
2022-12-13 13:27

An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned. "Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls."

Week in review: Rackspace outage, Kali Linux 2022.4 released, Patch Tuesday forecast
2022-12-11 09:30

Rackspace Hosted Exchange outage was caused by ransomware
Rackspace has finally confirmed the cause of the security incident that resulted in an ongoing outage of its Hosted Exchange service: it's ransomware.

Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools
Offensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform.

December 2022 Patch Tuesday forecast: Fine-tuning the connectivity
2022-12-09 06:28

Microsoft wrapped up a lot of 'loose ends' last month with their November set of updates, but there is still some work to do before the end-of-year holiday season. Let's hope that Microsoft provides some comprehensive updates this month that can fine-tune all these nagging stability and connectivity issues.

CISA orders agencies to patch exploited Google Chrome bug by Dec 26th
2022-12-05 22:06

The flaw was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users. In a security advisory published right before the weekend, Google said it "is aware of reports that an exploit for CVE-2022-4262 exists in the wild."

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
2022-12-03 04:41

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
2022-11-25 13:12

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on November 22, 2022.

Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks
2022-11-23 15:59

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks. The vulnerability impacts Arm Mali GPU kernel drivers Valhall r29p0 to r38p0.

Emergency code execution patch from Apple – but not an 0-day
2022-11-10 20:49

No sooner had we stopped to catch our breath after reviewing the latest 62 patches dropped by Microsoft on Patch Tuesday. Neither bug is reported with Apple's typical zero-day wording along the lines that the company "is aware of a report that this issue may have been actively exploited", so there's no suggestion that these bugs are zero-days, at least inside Apple's ecosystem.