Security Updates & Patches Archives - Page 24 of 89

Adobe security updates for Adobe Photoshop and 11 products

Security Updates & Patches / Frank Crast / December 14, 2021 / CVE-2021-43018, CVE-2021-44184, Photoshop

Adobe has released security updates for Adobe Photoshop and 10 ther products. An attacker could exploit these vulnerabilities and potentially take over impacted systems.

Adobe security updates for Adobe Photoshop and 11 products Read More »

SonicWall releases new firmware updates for SMA 100 Series remote access devices

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 9, 2021 / SMA 100, SonicWall

SonicWall has released new firmware updates for SMA 100 Series remote access devices with fixes for multiple High risk vulnerabilities.

SonicWall releases new firmware updates for SMA 100 Series remote access devices Read More »

Mozilla releases Firefox 95 with RLBox security technology and fixes for 6 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 9, 2021 / Firefox, Firefox 95, Mozilla, RLBox

The Mozilla Foundation has patched six High risk vulnerabilities in Firefox 95, as well as added a new security feature, RLBox, that hardens Firefox against third party library vulnerabilities.

Mozilla releases Firefox 95 with RLBox security technology and fixes for 6 High severity vulnerabilities Read More »

Mozilla patches Critical memory corruption vulnerability in NSS

Cryptography, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 3, 2021 / CRL, Crypto, DER, DSA, Mozilla, NSS, OCSP, PKCS, RSA-PSS, TLS

The Mozilla Foundation has patched a memory corruption vulnerability CVE-2021-43527 in network security services (NSS) via DER-encoded DSA and RSA-PSS signatures.

Mozilla patches Critical memory corruption vulnerability in NSS Read More »

Windows Mobile Device Management 0-day vulnerability could lead to local privilege escalation

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / November 30, 2021 / 0-day, CVE-2021-24084, HiveNightmare, mobile, SeriousSAM, Windows

A security researcher has discovered a zero-day vulnerability CVE-2021-24084 in Windows Mobile Device Management that could allow information disclosure and local privilege escalation (LPE).

Windows Mobile Device Management 0-day vulnerability could lead to local privilege escalation Read More »

VMware patches 2 vSphere Web Client vulnerabilities (CVE-2021-21980, CVE-2021-22049)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 27, 2021 / CVE-2021-22049, vcenter, VMware, vSphere

VMware has patched arbitrary file read and SSRF vCenter Server vulnerabilities (CVE-2021-21980, CVE-2021-22049) that affect VMware vSphere Web Client.

VMware patches 2 vSphere Web Client vulnerabilities (CVE-2021-21980, CVE-2021-22049) Read More »

Attackers exploit Windows Installer zero-day vulnerability (CVE-2021-41379)

Malware, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 24, 2021 / CVE-2021-41379, Group Policy, Installer, Windows

Bad actors have been exploiting a previously patched Windows Installer zero-day privileged escalation vulnerability CVE-2021-41379.

Attackers exploit Windows Installer zero-day vulnerability (CVE-2021-41379) Read More »

FBI alert: APT actors exploit 0-Day FatPipe VPN vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / November 21, 2021 / 0-day, FatPipe, FBI, MPVPN, VPN

The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.

FBI alert: APT actors exploit 0-Day FatPipe VPN vulnerabilities Read More »

GitHub fixes 2 npm registry vulnerabilities

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 20, 2021 / 2FA, GitHub, JavaScript, NPM, registry

GitHub has fixed two node package manager (npm) registry vulnerabilities, one of those could allow an attacker to publish new versions of an npm package without proper authorization.

GitHub fixes 2 npm registry vulnerabilities Read More »

Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 18, 2021 / APT, ChamelGang, CVE-2018-13379, CVE-2019-5591, CVE-2020-12812, CVE-2021-34473, Exchange, Fortigate, Fortinet, ProxyShell, VPN

Iranian state-sponsored advanced persistent threat (APT) actors have been targeting and exploiting Microsoft Exchange and Fortinet vulnerabilities.

Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities Read More »