Vulnerabilities & Exploits Archives - Page 9 of 106

Top CVEs targeted by PRC state-sponsored cyber actors

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / October 8, 2022 / Apache, BIG-IP, CVE-2019-11510, CVE-2019-19781, CVE-2020-5902, CVE-2021-1497, CVE-2021-20090, CVE-2021-22005, CVE-2021-22205, CVE-2021-26084, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-36260, CVE-2021-40539, CVE-2021-41773, CVE-2021-42237, CVE-2021-44228, CVE-2022-1388, CVE-2022-24112, CVE-2022-26134, Exchange, log4Shell, ProxyLogon

The FBI, NSA and CISA coauthored a joint Cybersecurity Advisory detailing how People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit common, publicly known vulnerabilities used since 2020 to “actively target U.S. and allied networks.”

Top CVEs targeted by PRC state-sponsored cyber actors Read More »

Google releases Chrome 106 security update with fixes for 2 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 3, 2022 / Chrome, Chrome 106, CVE-2022-3370, CVE-2022-3373, Google, iOS

Google has released Chrome 106 (106.0.5249.91) for Windows, Mac and Linux, with fixes for three vulnerabilities (two rated High severity).

Google releases Chrome 106 security update with fixes for 2 High severity vulnerabilities Read More »

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 1, 2022 / Atlassian, CVE-2022-36804, CVE-2022-41040, CVE-2022-41082, Exchange, Microsoft

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

Drupal patches Critical Twig third-party library vulnerability (CVE-2022-39261)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 1, 2022 / CVE-2022-39261, Drupal, Twig

Drupal has patched a Critical Twig third-party library vulnerability (CVE-2022-39261) that affect multiple versions of Drupal Core.

Drupal patches Critical Twig third-party library vulnerability (CVE-2022-39261) Read More »

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 1, 2022 / CVE-2022-41040, CVE-2022-41082, Exchange, Exchange Server 2019, IIS, Microsoft, PowerSHell, ProxyNotShell, Vulnerabilities, Zero-day

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities Read More »

Sophos Firewall RCE vulnerability (CVE-2022-3236) exploited the wild

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / September 23, 2022 / CISA, CVE-2022-3236, Firewall, Sophos, Webadmin, Zoho

Sophos has fixed a Sophos Firewall remote code execution (RCE) vulnerability (CVE-2022-3236) exploited in the wild.

Sophos Firewall RCE vulnerability (CVE-2022-3236) exploited the wild Read More »

ISC fixes High risk BIND vulnerabilities, BIND 9 Security Vulnerability Matrix

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 22, 2022 / BIND, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178, DNS, ECDSA, ISC

The Internet Systems Consortium (ISC) has released new security updates that fix four High risk vulnerabilities in multiple versions of BIND, as well as BIND 9 Security Vulnerability Matrix.

ISC fixes High risk BIND vulnerabilities, BIND 9 Security Vulnerability Matrix Read More »

Mozilla releases Firefox 105 with fixes for 3 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 22, 2022 / CVE-2022-40959, CVE-2022-40960, CVE-2022-40962, Firefox, FIrefox105

The Mozilla Foundation has patched four High risk vulnerabilities in Firefox 105, as well as a number of other bug fixes.

Mozilla releases Firefox 105 with fixes for 3 High severity vulnerabilities Read More »

Microsoft releases out-of-band patch for Endpoint Configuration Manager

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 22, 2022 / Configuration Manager, CVE-2022-37972, Endpoint, Microsoft, NTLM

Microsoft has released an out-of-band patch for a Endpoint Configuration Manager vulnerability CVE-2022-37972.

Microsoft releases out-of-band patch for Endpoint Configuration Manager Read More »

Adobe security updates for multiple products

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 15, 2022 / Adobe, Animate, Bridge, Experience Manager, Illustrator, InCopy, InDesign, Photoshop

Adobe has released security updates that address multiple vulnerabilities in Animate, Bridge, Experience Manager, Illustrator, InCopy, InDesign, and Photoshop.

Adobe security updates for multiple products Read More »