Vulnerability Summary for the Week of October 2, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acronis -- agent Local privilege escalation due to improper soft link handling. The following products…

Comments Off on Vulnerability Summary for the Week of October 2, 2023

Apple Releases Security Updates for iOS and iPadOS

Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users…

Comments Off on Apple Releases Security Updates for iOS and iPadOS

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint…

Comments Off on NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege…

Comments Off on CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

Vulnerability Summary for the Week of September 25, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info accusoft -- imagegear An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1.…

Comments Off on Vulnerability Summary for the Week of September 25, 2023

Vulnerability Summary for the Week of September 18, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acronis -- cyber_protect_home_office Sensitive information disclosure due to insecure folder permissions. The following products are…

Comments Off on Vulnerability Summary for the Week of September 18, 2023

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA),…

Comments Off on People’s Republic of China-Linked Cyber Actors Hide in Router Firmware