Vulnerabilities
Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
Hi, what are you looking for?
SecurityWeek
Vulnerabilities
KeePass 2.54 patches a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump.
Vulnerabilities
Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023.
Network Security
Zyxel urges customers to update ATP, USG Flex, VPN, and ZyWALL/USG firewalls to prevent exploitation of recent vulnerabilities.
Endpoint Security
Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.
Supply Chain Security
If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order.
Malware & Threats
Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks.
Vulnerabilities
A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days.
Vulnerabilities
The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022.
Vulnerabilities
Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks.
Cybercrime
A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls.
Vulnerabilities
GitLab CE/EE version 16.0.1 patches a critical arbitrary file read vulnerability tracked as CVE-2023-2825.
Vulnerabilities
Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances.
Vulnerabilities
OAuth vulnerabilities found in the widely used Expo application development platform could have been exploited for account takeovers.
Network Security
MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto.
Mobile & Wireless
Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.
Supply Chain Security
Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks.
Mobile & Wireless
Apple has patched 3 zero-days, two of which are the vulnerabilities patched with the tech giant’s first Rapid Security Response updates.
Artificial Intelligence
AntChain has teamed up with Intel for a Massive Data Privacy-Preserving Computing Platform (MAPPIC) for AI machine learning.
Identity & Access
Cybersecurity Funding
