On Monday, February 13, Apple released fixes for multiple products, including iOS, macOS, Safari, iPadOS, tvOS, and watchOS. Updates for iOS and iPadOS 16.3.1 and macOS 13.2.1 fix an actively-exploited arbitrary code execution flaw in WebKit/Safari. Note The 0-day vulnerability is part of “WebKit”. WebKit is Apple’s open source browser engine that is included in other …

Read More about Apple Updates Include Fix for iOS Zero-day

Toyota has fixed a vulnerability in the Toyota Global Supplier Preparation Information Management System (GSPIMS) Web portal that allowed a security researcher to gain access to corporate and partner accounts, and other sensitive data. GSPIMS is used by Toyota employees and suppliers to coordinate supply chain tasks. The researcher notified Toyota about the backdoor login …

Read More about Toyota Fixes Hole in Supply Chain Web Portal

OpenSSH maintainers have released an updated version of the open-source implementation of the SSH protocol to fix three security issues. OpenSSH 9.2/9.2p1 includes a fix for a pre-authentication double-free memory vulnerability that was introduced in OpenSSH 9.1. Note One of the vulnerabilities may allow remote code execution pre-authentication. It will likely be difficult to exploit, …

Read More about OpenSSH Releases Version 9.2/9.2p1 to Fix Security Issues

Both France’s and Italy’s Computer Emergency Response Teams (CERTs) have issued alerts warning “of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them.” The vulnerability (CVE-2021-21974) affects ESXi 7.0, 6.7 and 6.5. Support for ESXi 6.7 and 6.5 ended in October 2022. The flaw was disclosed, and a fix was …

Read More about Ransomware Campaign Exploits Known VMware Vulnerability

Researchers from SaiFlow have detailed vulnerabilities affecting electric vehicle (EV) charging stations that could be exploited to cause denial-of-service or trick them into charging vehicles without payment. The vulnerabilities lie in the Open Charge Point Protocol (OCPP) standard. Note Electric Vehicle chargers are more than high power electric outlets. The cable connecting the car to …

Read More about Electric Vehicle Charger Vulnerabilities

Researchers at Palo Alto Networks Unit 42 say that a vulnerability in the RealTek Jungle SDK accounted for 40 percent of attacks they reviewed between August and October 2022. In a post, the researchers write, “As of December 2022, we’ve observed 134 million exploit attempts in total leveraging this vulnerability, and about 97% of these attacks …

Read More about RealTek Jungle SDK Vulnerability

QNAP has made firmware updates available for a flaw in QTS and QuTS hero that could be exploited to inject malicious code. The vulnerability affects QNAP network attached storage (NAS) devices running QTS 5.0.1 and QuTS hero 5.0.1. Note Just as a quick reminder: Do not expose your network storage to the internet. No matter …

Read More about QNAP Releases Firmware Updates to Address Critical Flaw Affecting QTS and QuTS hero

The Internet Systems Consortium (ISC) has published four advisories to address high severity vulnerabilities in its Berkeley Internet Name Domain (BIND) 9. All of the flaws affect named, the BIND 9 daemon, which is an authoritative name server and a recursive resolver. Note The fix is to update to the patched version of BIND 9 most …

Read More about Patches Multiple BIND Vulnerabilities

Researchers from Sonar have detailed three vulnerabilities in the open-source health record and medical practice management software OpenEMR. The flaws – an unauthenticated file read, authenticated local file inclusion, and authenticated reflected XSS – could be exploited to execute arbitrary system commands and steal patient data. All three flaws are fixed in OpenEMR version 7.0.0. …

Read More about Update Available to Fix OpenEMR Vulnerabilities

Google has updated the Stable channel for Chrome to version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows. The newest version of the browser includes fixes for six vulnerabilities. Four of the flaws were submitted by external researchers. These include use-after-free vulnerabilities in WebTransport, WebRTC, and GuestView, and a type confusion …

Read More about Google Updates Chrome to version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows

Researchers from Akamai say that most Windows data centers have not patched systems against a critical spoofing vulnerability in CryptoAPI. The US National Security Agency (NSA) and the UK National Cybersecurity Centre (NCSC) disclosed the vulnerability to Microsoft and the issue was patched in August 2022. In the update guide for the vulnerability (CVE-2022-34689), Microsoft …

Read More about Most Windows Data Centers Still Vulnerable to CryptoAPI Spoofing Bug

VMware has released updates to fix four vulnerabilities in its vRealize Log Insight product. Two of the flaws are critical: a directory traversal vulnerability and a broken access control vulnerability. Both could be exploited to achieve remote code execution. The other fixed flaws are a deserialization vulnerability that could be exploited to create denial of …

Read More about VMware Patches vRealize Log Insight Vulnerabilities

Apple released fixes for multiple security issues in iOS and macOS, including a remotely exploitable zero-day flaw in iOS. The type confusion issue in Apple’s WebKit browser engine was deemed serious enough to prompt Apple to release updates for older versions of iOS. Note Impressive from Apple to release an update for hardware released 10 …

Read More about Apple Updates Include Backported Fix for iOS Vulnerability

Cisco has released updates to fix an improper user input validation vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability could be exploited to conduct an SQL injection attack. Note While Cisco is not aware of this being exploited in the wild, it’s …

Read More about Cisco Releases Updates to Address Unified Communications Manager SQL

Vulnerabilities in historian database servers raise concerns as they can provide a connection between an organization’s IT and OT networks. Researchers at Claroty have detailed their findings about a set of vulnerabilities in the GE Proficy Historian. The report notes that “these critical databases not only store data collected from industrial control systems, but they …

Read More about Flaws in Historian Servers Put OT Systems at Risk