Pierluigi Paganini
October 31, 2022
VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for […]
Pierluigi Paganini
October 31, 2022
An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. 0patch released an unofficial patch to address an actively exploited security vulnerability in Microsoft Windows that could allow bypassing Mark-of-the-Web (MotW) protections by using files signed with malformed signatures. The issue affects all supported and multiple legacy […]
Pierluigi Paganini
October 28, 2022
Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path […]
Pierluigi Paganini
October 28, 2022
Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 Javascript engine. The flaw has been reported […]
Pierluigi Paganini
October 28, 2022
Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug. Early this week, Apple addressed the ninth zero-day […]
Pierluigi Paganini
October 27, 2022
The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online Original post at https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/ Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews […]
Pierluigi Paganini
October 27, 2022
SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users’ conversations with Siri. SiriSpy is a now-patched vulnerability, tracked as CVE-2022-32946, in Apple’s iOS and macOS that could have potentially allowed any app with access to Bluetooth to eavesdrop on conversations with Siri and audio. “An app may be […]
Pierluigi Paganini
October 26, 2022
The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […]
Pierluigi Paganini
October 26, 2022
Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both vulnerabilities are dated 2020 and are now patched. The […]
Pierluigi Paganini
October 26, 2022
VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud Foundation. VMware Cloud Foundation™ is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, […]
