CySec News A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. Reference: https://thehackernews.com/2022/09/mirai-variant-moobot-botnet-exploiting.html Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), […]
CySec News A critical command injection vulnerability in a Bitbucket product could allow an attacker to execute arbitrary code, researchers warn. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. The flaw, tracked as CVE-2022-36804, is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. Reference: https://portswigger.net/daily-swig/critical-command-injection-vulnerability-discovered-in-bitbucket-server-and-data-center […]
CySec News GitLab has issued a security update to address a critical vulnerability that could lead to remote code execution (RCE). The vulnerability could allow an authenticated user to achieve remote code execution via the ‘Import from GitHub API’ endpoint, an advisory from GitLab reads. Tracked as CVE-2022-2884, the security issue is present in GitLab […]
CySec News Android malware developers are already adjusting their tactics to bypass a new ‘Restricted setting’ security feature introduced by Google in the newly released Android 13. Reference: https://www.bleepingcomputer.com/news/security/malware-devs-already-bypassed-android-13s-new-security-feature/ Google has released a security update for the Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited […]
CySec News As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, […]
CySec News Atlassian has addressed a hardcoded credential flaw in Questions for Confluence and servlet filter bypasses in multiple other products. The Australian vendor of software development and collaboration tools issued security advisories with instructions for applying updates and mitigations (July 20). Reference: https://portswigger.net/daily-swig/atlassian-patches-batch-of-critical-vulnerabilities-across-multiple-products Zyxel has released patches for several of its firewall products […]
CySec News Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to update to release versions 22.1R1 and 21.4.0, respectively. Reference: […]
CySec News Microsoft reminded customers that Windows Server, version 20H2 will be reaching its End of Service (EOS) next month, on August 9. Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-windows-server-20h2-reaches-eos-next-month/ Microsoft says last week’s decision to roll back VBA macro auto-blocking in downloaded Office documents is only a temporary change. Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-says-decision-to-unblock-office-macros-is-temporary/ Cisco on Wednesday rolled out patches […]
CySec News GitLab has patched a critical vulnerability that could allow an attacker to execute code remotely. The security issue, which has been rated as critical, has been discovered in all versions of GitLab, starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. An authenticated user could import a […]
CySec News Microsoft has released the optional KB5014666 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes numerous bug fixes and new, unexpected printing features. The KB5014666 cumulative update preview is part of Microsoft’s June 2022 monthly “C” update, allowing admins to test fixes in the July […]