security patches Archives - Cyber Security Minute

5379 GitLab servers vulnerable to zero-click account takeover attacks

Issued by: Security Affairs

GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction. “An issue has been discovered in GitLab CE/EE…

Application Security, Mobile Security

Apple Ships iOS 17.2 With Urgent Security Patches

Issued by: SecurityWeek

The newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes. According to an advisory from Cupertino’s security response team, the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution…

Vulnerabilities

Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

Issued by: SecurityWeek

Portable computers running Google’s ChromeOS, Chromebooks have been in users’ hands since 2012, and have become one of the most used types of devices within the education sector. To prolong their lives and ensure they remain secure to use, Google said it plans to extend the automatic security updates period for some of these devices,…

Software Security

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone

Issued by: Dark Reading

The recent ransomware incident at Rackspace that took down the company’s hosted Microsoft Exchange server environment has focused attention on the often-risky gamble that security teams take when choosing to mitigate a vulnerability — rather than apply a patch for it. Last week, Rackspace disclosed that a Dec. 2 intrusion into the hosting company’s Exchange…

Software Security

Adobe Warns of Critical Flaws in Magento, Connect

Issued by: Security Week

As part of its scheduled Patch Tuesday release, Adobe released fixes for 29 documented security vulnerabilities, some serious enough to expose users to code execution, security feature bypass, and privilege escalation attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif….

Vulnerabilities

Apple Patches Code Execution Vulnerabilities Across Product Portfolio

Issued by: Security Week

A total of 27 bugs were squashed with the release of macOS Catalina 10.15.4, affecting components such as Bluetooth, Call History, CoreFoundation, FaceTime, Kernel, libxml2, Mail, sudo, and Time Machine, among others. The patched flaws could result in the execution of arbitrary code with system or kernel privileges, leak of kernel memory, privilege escalation, leak…

Malware & Threats

Major US newspapers crippled by Ryuk ransomware attack

Issued by: CSO

Ryuk ransomware is believed to be the culprit behind printing and delivery issues for “all Tribune Publishing newspapers” — as well as newspapers that used to be part of Tribune Publishing. The malware was discovered and later quarantined on Friday, but the security patches failed to hold when the servers were brought back online and…