Vulnerabilities & Exploits

Sophos Firewall RCE vulnerability (CVE-2022-3236) exploited the wild

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 23, 2022 September 23, 2022 / CISA, CVE-2022-3236, Firewall, Sophos, Webadmin, Zoho

Sophos has fixed a Sophos Firewall remote code execution (RCE) vulnerability (CVE-2022-3236) exploited in the wild.

ISC fixes High risk BIND vulnerabilities, BIND 9 Security Vulnerability Matrix

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 22, 2022 September 22, 2022 / BIND, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178, DNS, ECDSA, ISC

The Internet Systems Consortium (ISC) has released new security updates that fix four High risk vulnerabilities in multiple versions of BIND, as well as BIND 9 Security Vulnerability Matrix.

Mozilla releases Firefox 105 with fixes for 3 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 22, 2022 September 22, 2022 / CVE-2022-40959, CVE-2022-40960, CVE-2022-40962, Firefox, FIrefox105

The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 105, as well as a number of other bug fixes.

Microsoft releases out-of-band patch for Endpoint Configuration Manager

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 22, 2022 September 22, 2022 / Configuration Manager, CVE-2022-37972, Endpoint, Microsoft, NTLM

Microsoft has released an out-of-band patch for a Endpoint Configuration Manager vulnerability CVE-2022-37972.

Adobe security updates for multiple products

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 15, 2022 September 15, 2022 / Adobe, Animate, Bridge, Experience Manager, Illustrator, InCopy, InDesign, Photoshop

Adobe has released security updates that address multiple vulnerabilities in Animate, Bridge, Experience Manager, Illustrator, InCopy, InDesign, and Photoshop.

Apple patches vulnerabilities in iOS 16, iOS 15.7, macOS Monterey 12.6, Big Sur 11.7 and other products

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 14, 2022 September 14, 2022 / Big Sur, CVE-2022-32894, CVE-2022-32917, iOS, iOS157, iOS16, macOS, Monterey126

Apple has released security updates for Apple iOS 16, iOS 15.7, macOS Monterey 12.6, macOS Big Sur 11.7, Safari 15.6, and other products. Apple also warned two zero-day vulnerabilities may have been exploited in the wild.

Microsoft September 2022 Security Updates addresses 63 vulnerabilities (5 Critical, 1 zero-day, 1 Spectre-BHP)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 14, 2022 September 15, 2022 / CVE-2022-34700, CVE-2022-34718, CVE-2022-34721, CVE-2022-34722, CVE-2022-35805, CVE-2022-37969, Cybersecurity Threat Center, Microsoft, Spectre v2, Spectre-BHP

The Microsoft September 2022 Security Updates includes patches and advisories for 63 vulnerabilities. Five of those are rated Critical severity, one that addresses a previously disclosed Spectre-BHP flaw, and a zero-day exploited in the wild.

Mirai variant MooBot botnet targets multiple D-Link flaws

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / By Frank Crast / September 11, 2022 September 11, 2022 / botnet, CVE-2015-2051, CVE-2018-6530, CVE-2022-26258, CVE-2022-28958, Cybersecurity Threat Center, D-Link, Mirai, MooBot

Security researchers from Palo Alto Networks Unit 42 have discovered a Mirai botnet variant dubbed “MooBot” that targets multiple D-Link flaws and exposed networking devices running Linux.

CISA adds 12 vulnerabilities to Known Exploited Vulnerabilities Catalog

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 11, 2022 September 11, 2022 / Android, Apple, Chrome, CVE-2022-26258, CVE-2022-27593, CVE-2022-28958, CVE-2022-3075, D-Link, FortiOS, MikroTik, Oracle, QNAP, QNAP NAS, WebLogic

The Cybersecurity and Infrastructure Security Agency (CISA) has added 12 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Apple, Chrome, Android OS, D-Link (5), QNAP NAS, MikroTik, Oracle WebLogic, FortiOS and FortiADC flaws.

Google fixes Chrome zero-day vulnerability (CVE-2022-3075) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 5, 2022 September 5, 2022 / browser, Chrome, Chrome105, CVE-2022-3075, Vulnerabilities

Google has released Chrome 105.0.5195.102 for Windows, Mac and Linux with a fix for a High severity zero-day vulnerability (CVE-2022-3075) exploited in the wild.