Vulnerabilities Archives - Cyber Security Minute

Apple addressed 2 new iOS zero-day vulnerabilities

Issued by: Security Affairs

Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine. The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. An attacker can trick a victim into visiting specially crafted web…

Vulnerabilities

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Issued by: Security Affairs

ownCloud is an open-source software platform designed for file synchronization and sharing. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple devices. The vulnerability, tracked as CVE-2023-49103, resides in the Graphapi app, which relies on a third-party…

Vulnerabilities

CISA Urges Patching as Hackers Exploit ‘Looney Tunables’ Bug

Issued by: DataBreach Today

U.S. federal agencies have until Dec. 12 to patch vulnerable Linux devices on their networks after researchers discovered an actively exploited security flaw. The Cybersecurity and Infrastructure Security Agency added the “Looney Tunables” vulnerability, tracked as CVE-2023-4911, to its catalog of known exploited vulnerabilities Tuesday and mandated federal civilian branch agencies to download patches to…

Vulnerabilities

Zimbra zero-day exploited to steal government emails by four groups

Issued by: Security Affairs

Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations. The experts observed that most of the attacks took place after the public…

Vulnerabilities

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers

Issued by: Dark Reading

Researchers have discovered 21 vulnerabilities in a popular brand of industrial router. On Dec. 7 at Black Hat Europe, analysts from Forescout will reveal the bugs — including one of 9.6 “Critical” severity on the CVSS scale, and nine “High” severity — affecting a brand of operational technology (OT)/Internet of Things (IoT) routers especially common…

Vulnerabilities

Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

Issued by: SecurityWeek

As part of its scheduled Patch Tuesday updates, Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software. In a critical-severity bulletin, Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and…

Vulnerabilities

Cisco patches serious flaws in Firepower and Identity Services Engine

Issued by: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could…

Vulnerabilities

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Issued by: Dark Reading

Aqua Security, the pioneer in cloud native security, today announced its open source solution Trivy now supports vulnerability scanning for Kubernetes components in addition to Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are in order to substantially reduce risk. Kubernetes has…

Vulnerabilities

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Issued by: Security Affairs

F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. “This vulnerability may allow an unauthenticated…

Vulnerabilities

Virtual Alarm: VMware Issues Major Security Advisory

Issued by: Dark Reading

VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…