Collaborate Disseminate
Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they not… Continue reading PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)
Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis Cybersecurity, Hubble, Netscout, Panorays, Privacera, Regula, SeeMetrics, Tenable… Continue reading Infosec products of the month: July 2023
Here’s a look at the most interesting products from the past week, featuring releases from Code42, ComplyAdvantage, Diligent, Privacera, and Tenable. Tenable unveils agentless container scanning to prevent vulnerable containers from reaching runtime Te… Continue reading New infosec products of the week: July 21, 2023
Tenable announced new Tenable Cloud Security features that deliver automated operating system (OS) vulnerability detection across container images, registries and pipelines. Building on existing exposure management capabilities, Tenable Cloud Security … Continue reading Tenable unveils agentless container scanning to prevent vulnerable containers from reaching runtime
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed … Continue reading Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabiliti… Continue reading VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusi… Continue reading June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. The two exploited bug… Continue reading Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932)
A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across… Continue reading Cybersecurity leaders introduced open-source information sharing to help OT community
It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About CVE-2023-28252 CVE-2023-28252 is a vulnerability in the Windows Common Log File… Continue reading Microsoft patches zero-day exploited by attackers (CVE-2023-28252)