security update – Page 8 – WindowsTechs.com

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

Posted on December 1, 2023 by Zeljka Zorz

With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42… Continue reading Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)→

Posted on November 29, 2023 by Helga Labus

Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoît S… Continue reading Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)→

Posted on November 27, 2023 by Help Net Security

The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact, thousands of … Continue reading Why it’s the perfect time to reflect on your software update policy→

Posted on November 9, 2023 by Helga Labus

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day … Continue reading MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)→

Posted on October 31, 2023 by Zeljka Zorz

Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by… Continue reading Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)→

Posted on October 25, 2023 by Helga Labus

VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2… Continue reading VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)→

Posted on October 23, 2023 by Zeljka Zorz

Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity co… Continue reading “Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day→

Posted on October 18, 2023 by Helga Labus

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security adv… Continue reading Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)→

Posted on October 17, 2023 by Helga Labus

Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out … Continue reading Valve introduces SMS-based confirmation to prevent malicious games on Steam→

Posted on October 11, 2023 by Zeljka Zorz

Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates … Continue reading Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)→