Security News
Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352, the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract archives.
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. The company released security updates to address the flaw last week and it also advised customers in private alerts to disable remote management user interfaces on affected devices "With the utmost urgency" to block attacks if they can't immediately patch.
Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances.Ai security researchers released a proof-of-concept exploit and a technical root cause analysis for this vulnerability today, following an announcement that a CVE-2022-40684 PoC will be made available this week.
Two weeks ago we reported on two zero-days in Microsoft Exchange that had been reported to Microsoft three weeks before that by a Vietnamese company that claimed to have stumbled across the bugs on an incident response engagement on a customer's network. One day ago [2022-10-11] was the latest Patch Tuesday.
Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs,...
Let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August. A month later, Zero Day Initiative purchased the bugs and disclosed them to Microsoft.
The second Tuesday in October is also Ada Lovelace Day, celebrating Ada, Countess of Lovelace. Ada was a true pioneer not only of computing, but also of computer science, and gave her name to the programming language Ada.
Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws. The above counts do not include twelve vulnerabilities fixed in Microsoft Edge on October 3rd. For information about the non-security Windows updates, you can read today's Windows 10 KB5018410 and KB5018419 updates and the Windows 11 KB5018427 update.
Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. Vm2 is the most popular Javascript sandbox library, with around 17.5 million monthly downloads.
How to start and grow a cybersecurity consultancyA cybersecurity industry veteran, Praveen Singh is the co-founder and Chief Information Security Advisor at CyberPWN Technologies, a digital defense consulting firm. CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumerationA new directive issued by the Cybersecurity and Infrastructure Security Agency is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks.