Security News
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources.The severity of the vulnerability is merely "Important", as its exploitation requires additional access and/or privilege, but ConnectWise recommends administrators of on-premise instances to patch as soon as possible.
August 2022 Patch Tuesday provided critical updates for all Microsoft operating systems as well as an unexpected update for Internet Explorer 11. All these products are in common use, so ensure you include these updates in your patch Tuesday process if you haven't deployed them already.
Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers. Cisco said its Product Security Incident Response Team has not seen any public disclosures about the vulnerability nor evidence that any cybercriminal has exploited the flaw.
CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the Photo Station QNAP software. The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage devices. Tracked as CVE-2022-34747, the issue relates to a "Format string vulnerability" affecting NAS326, NAS540, and NAS542 models.
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier...
A critical vulnerability in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. Bitbucket Server and Data Center are used by software developers around the world for source code revision control, management and hosting.
Tens of thousands of internet-facing IP cameras made by China-based Hikvision remain unpatched and exploitable despite a fix being issued for a critical security bug nearly a year ago. Awarded a CVSS score of 9.8 of 10 in severity, the Hikvision bug was considered serious enough for the US Cybersecurity and Infrastructure Security Agency to add it to its list of "Must patch" security flaws early this year, adding that the vulnerability is already being exploited.
DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition and Enterprise Edition starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1.
"In most cases, the vulnerabilities exist because the software fully trusted data coming from the PLC without performing extensive security checks," Team82 said. Security researchers at Accenture have highlighted the following point: the type of data being sold online after ransomware attacks is exactly the sort of stuff that's ideal for launching business email compromise attacks.