Vulnerabilities
Microsoft’s May 2023 security updates address a total of 40 newly documented vulnerabilities, including two flaws already exploited in attacks.
Hi, what are you looking for?
SecurityWeek
Network Security
Zyxel urges customers to update ATP, USG Flex, VPN, and ZyWALL/USG firewalls to prevent exploitation of recent vulnerabilities.
Endpoint Security
Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.
Supply Chain Security
If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order.
Malware & Threats
Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks.
Vulnerabilities
Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product.
Vulnerabilities
A zero-day vulnerability in Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data.
Vulnerabilities
Adobe has patched more than a dozen vulnerabilities, including critical code execution flaws, in its Substance 3D Painter product.
Supply Chain Security
SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is...
Vulnerabilities
An XSS vulnerability in the Advanced Custom Fields WordPress plugin exposes more than 2 million sites to attacks.
Vulnerabilities
Fortinet has released patches for two high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy.
Cloud Security
Three vulnerabilities in the Azure API Management service could be exploited for internal asset access, DoS, firewall bypass, and the upload of malicious files.
Mobile & Wireless
Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor.
Vulnerabilities
Cisco warns of a critical-severity RCE vulnerability impacting EoL SPA112 2-Port Phone Adapters.
Vulnerabilities
Apple has released firmware updates for Beats and AirPods to patch a vulnerability that can be exploited to gain access to headphones via a...
Vulnerabilities
Vulnerabilities in Netgear network management system allow attackers to retrieve cleartext passwords and escalate privileges.
Vulnerabilities
Chrome 113 was released to the stable channel with 15 security fixes, including 10 that address vulnerabilities reported by external researchers.
Network Security
Open source BGP implementation FRRouting is affected by three vulnerabilities that can be exploited to cause disruption via DoS attacks.
Cybercrime
The recent MOVEit zero-day attack has been linked to a known ransomware group, which reportedly stole data from dozens of organizations.
Mobile & Wireless
Artificial Intelligence
Artificial Intelligence
