Cyber Security News
Firefox 120 Released With Security Updates: What’s New!
10 vulnerabilities are patched, including six 'High Severity' issues and two moderate and low severity issues are fixed.
SecurityWeek
High-Severity DoS Vulnerability Patched in OpenSSL
A high-severity DoS vulnerability tracked as CVE-2022-0778 has been patched in OpenSSL.
CyberSecurity Dive
Global cyber insurance prices continue to moderate in Q1
Marsh data shows rate increases slowing, stemming from new entrants into the cyber insurance market, companies adding controls and fewer ransomware attacks in 2022.
Trend Micro
Global Cyber Risk Lowers to Moderate Level in 2H' 2022
Trend’s seventh edition of the Cyber Risk Index (CRI) reveals an in-depth analysis of cyber threat and vulnerabilities
Cyber Security News
Mozilla Firefox 117: 5 High-Severity Vulnerabilities Patched
With the release of Mozilla Firefox 117, 13 vulnerabilities are patched, including seven 'High Severity' flaws and four memory corruption flaws.
SecurityWeek
Firefox 118 Patches High-Severity Vulnerabilities
Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape.
SecurityWeek
BIND Updates Patch High-Severity Vulnerabilities
ISC has announced patches for multiple high-severity vulnerabilities impacting the BIND DNS software.
SecurityWeek
Firefox, Chrome Updates Patch High-Severity Vulnerabilities
Firefox and Chrome updates released this week resolve multiple high-severity memory safety vulnerabilities.
SecurityWeek
Firefox 116 Patches High-Severity Vulnerabilities
Firefox 116 was released with patches for high-severity vulnerabilities, some of which can lead to remote code execution or sandbox escapes.
SecurityWeek
Chrome 120 Update Patches High-Severity Vulnerabilities
A Chrome 120 security update resolves nine vulnerabilities, including five high-severity flaws reported externally.
SecurityWeek
High-Severity Vulnerability Patched in Splunk Enterprise
The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version.
SecurityWeek
Cisco Patches High-Severity IOS RX Vulnerabilities
Cisco releases patches for high-severity denial-of-service and elevation of privilege vulnerabilities in IOS RX software.
SecurityWeek
ESET Patches High-Severity Privilege Escalation Vulnerability
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
SecurityWeek
Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities
Chrome and Firefox security updates resolve over 35 vulnerabilities, including a dozen high-severity bugs.
SecurityWeek
Chrome 116 Update Patches High-Severity Vulnerabilities
Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers.
SecurityWeek
Atlassian Security Updates Patch High-Severity Vulnerabilities
Atlassian has released patches for multiple high-severity vulnerabilities in Jira, Confluence, Bitbucket, and Bamboo products.
SecurityWeek
Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates.
SecurityWeek
Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest
Google has patched several high and moderate-severity Chromecast vulnerabilities demonstrated earlier this year at a hacking competition.
SecurityWeek
Chrome 108 Patches High-Severity Memory Safety Bugs
Chrome 108 arrives with patches for 28 vulnerabilities, including multiple high-severity memory safety issues.
SecurityWeek
Chrome 125 Update Patches High-Severity Vulnerabilities
Google released a Chrome 125 update to resolve four high-severity vulnerabilities reported by external researchers.
SecurityWeek
Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins
Jenkins has announced patches for high and medium-severity vulnerabilities impacting several of the open source automation tool’s plugins.
SecurityWeek
Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird
Mozilla has patched high-severity spoofing, privacy and remote code execution vulnerabilities in Firefox and Thunderbird.
SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products
Cisco has patched high-severity vulnerabilities in its Enterprise NFV, Expressway and TelePresence products.
SecurityWeek
SAP's April 2024 Updates Patch High-Severity Vulnerabilities
SAP releases 12 security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities.
SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Networking Software
Cisco has announced patches for 12 vulnerabilities in its IOS and IOS XE software, including 10 rated ‘high severity’.
Security Affairs
Splunk fixed high-severity flaw impacting Windows versions
Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs.
SecurityWeek
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS
Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space.
CSO
OpenSSL project patches two vulnerabilities but downgrades severity
The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.
SecurityWeek
QNAP Patches High-Severity Bugs in QTS, Qsync Central
Two high-severity vulnerabilities in QNAP’s operating system could lead to command execution over the network.
SecurityWeek
Google Patches High-Severity Privilege Escalation Vulnerabilities in Android
Android’s November 2022 security updates patch over 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.
SecurityWeek
BIND Updates Patch Two High-Severity DoS Vulnerabilities
The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely.
SecurityWeek
SolarWinds Patches High-Severity Flaws in Access Rights Manager
SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues.
SecurityWeek
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities
Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities.
SecurityWeek
Hikvision Patches High-Severity Vulnerability in Security Management System
A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs.
SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Data Center OS
Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities.
Bleeping Computer
Synology fixes maximum severity vulnerability in VPN routers
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.
SecurityWeek
Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence
Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence.
The Hacker News
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
A high-severity bug (CVE-2024-0200) could've allowed attackers to access credentials in production containers on GitHub.
SecurityWeek
Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS
Fortinet has announced patches for multiple vulnerabilities across products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.
Cyber Security News
New Critical and High-Severity SQL Injection Flaw in MOVEit Transfer Software
A critical-severity SQL injection flaw and two other high-severity vulnerabilities have been fixed in MOVEit Transfer, the software at the focus of the recent widespread Clop ransomware outbreaks.
SecurityWeek
Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM
Cisco patches a high-severity SQL injection vulnerability in Unified CM and Unified CM SME.
SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Enterprise Applications
Cisco has patched high-severity vulnerabilities in enterprise applications that could lead to privilege escalation, SQL injection, and DoS
Bleeping Computer
High-severity GitLab flaw lets attackers take over accounts
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.
SecurityWeek
Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard
Intel has released patches for multiple vulnerabilities across its product portfolio, including a series of high-severity vulnerabilities in the BIOS firmware of several processor models.
Infosecurity News
Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads
This year’s EU elections will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats
Cyber Security News
Google Chrome Security Update - Multiple High-severity vulnerabilities patched
Google Chrome Security Update - Multiple High-severity vulnerabilities patched on every nook and corner to make it as secure as possible.
The Hacker News
Researchers Uncover New High-Severity Vulnerability in PaperCut Software
High-severity security flaw in PaperCut print management software for Windows! CVE-2023-39143 enables remote code execution.
The Hacker News
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
CISA adds high-severity flaw in Service Location Protocol (SLP) to Known Exploited Vulnerabilities list.
SecurityWeek
Cisco Patches High-Severity Vulnerability in Security Solutions
A high-severity vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software could lead to the leak of an RSA private key.
SecurityWeek
IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products
IBM has released patches for multiple high-severity vulnerabilities in Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector system.
SecurityWeek
Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
Fortinet has released patches for a high-severity cross-site scripting vulnerability impacting its enterprise firewalls and switches.
Security Affairs
Zoom Rooms was affected by four “high” severity vulnerabilities
Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers. The issue affects Rooms for Windows […]
Security Affairs
Cisco fixed high-severity elevation of privilege and DoS bugs
Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS RX software.
The Hacker News
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Researchers detail a recently reported high-severity vulnerability in Fastjson library that could potentially be exploited for remote code execution.
Cyber Security News
High-Severity BIND DNS Flaw Let Attackers Exploit Remotely
Security fixes have been issued that address three high-severity vulnerabilities in several versions of ISC's BIND DNS Flaw 9
SecurityWeek
Intel Software and Firmware Updates Patch 18 High-Severity Vulnerabilities
Many high-severity privilege escalation vulnerabilities have been patched in Intel firmware and software with the first round of security updates released in 2022.
Bleeping Computer
GitLab 'strongly recommends' patching max severity flaw ASAP
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
The Hacker News
High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners
Bosch's smart devices have high-severity vulnerabilities, posing a risk to your thermostat and smart nutrunners
SecurityWeek
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
Bleeping Computer
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
SecurityWeek
Chrome 105 Update Patches High-Severity Vulnerabilities
Google has released a Chrome 105 update that addresses 11 vulnerabilities, including 7 high-severity bugs reported by external researchers.
SecurityWeek
High-Severity Command Injection Flaws Found in Fortinet's FortiTester, FortiADC
Fortinet has released patches for multiple vulnerabilities across its product portfolio and warned of a high-severity command injection bug in FortiADC.
Cyber Security News
OpenSSL Fixed Two High Severity Vulnerabilities That Can be Exploited Remotely
Two high-severity security vulnerabilities recently discovered and patched by the OpenSSL Project in its open-source cryptographic library.
SecurityWeek
High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update
Google has released an update for the Chrome browser to address multiple high-severity use-after-free vulnerabilities.
SecurityWeek
ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature
ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.
SecurityWeek
Google Pays $45,000 for High-Severity Vulnerabilities Found in Chrome
Google has released a Chrome 107 update to address 10 vulnerabilities, including six high-severity issues reported by external researchers.
The Hacker News
Multiple High-Severity Flaw Affect Widely Used OpenLiteSpeed Web Server Software
Researchers have uncovered multiple high-severity flaws in the open source OpenLiteSpeed Web Server and its enterprise variant.
Security Affairs
Cisco addressed several high-severity flaws in its products
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 […]
Bleeping Computer
Maximum severity Flowmon bug has a public exploit, patch now
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility.
Security Affairs
ESET fixed high-severity local privilege escalation bug in Windows products
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.
The Hacker News
VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products
VMware releases security patch updates for multiple high-severity vulnerabilities affecting ESXi, Workstation, Fusion, and Cloud Foundation products.
Ars Technica
AI-powered hate speech detection will moderate voice chat in Call of Duty
"ToxMod" will automatically flag spoken harassment, bullying, and discrimination.
The Hacker News
High-Severity Bug Reported in Google's OAuth Client Library for Java
Google has patched a high-severity vulnerability in its OAuth library for Java that could be exploited by a malicious actor with a compromised tokens.
The Hacker News
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
A new high-severity remote code execution vulnerability (CVE-2021-44521) has been reported in Apache Cassandra NoSQL database software.
Bleeping Computer
SAP releases security updates for two critical-severity flaws
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
Cyber Security News
Firefox 118 Released With the Fix for 6 High-Severity Vulnerabilities
Mozilla has recently launched Firefox 118, which addresses a total of nine security vulnerabilities. Notably, this release effectively resolves six high-severity vulnerabilities.
Security Affairs
Cisco fixes High-Severity bug in Secure Web Appliance
Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […]
Security Affairs
Cisco fixed two high-severity bugs in Communications, Networking Products
Cisco fixed high-severity flaws in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. “Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software […]
The Hacker News
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco releases patches for a high-severity vulnerability affecting ASA and Firepower solutions.
Bleeping Computer
Exploit released for maximum severity Fortinet RCE bug, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February.
The Hacker News
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices
Several high-severity firmware security vulnerabilities found in HP's high-end business devices remain unpatched months after being reported publicly.
Security Affairs
Microsoft revised CVE-2022-37958 severity due to its broader scope
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as “critical” because it discovered that threat actors can exploit the bug to achieve remote code execution. The CVE-2022-37958 was […]
SecurityWeek
Cisco Squashes High-Severity Bug in Web Protection Solution
Cisco has announced patches for a high-severity escalation of privilege vulnerability in AsyncOS for Cisco Secure Web Appliance.
The Hacker News
New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
Researchers have discovered 16 new high-severity vulnerabilities in UEFI firmware impacting multiple HP enterprise devices.
Bleeping Computer
Cisco discloses high-severity IP phone bug with exploit code
Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing unpatched devices to remote code execution and denial of service (DoS) attacks.
The Hacker News
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits.
SecurityWeek
High-Severity Vulnerabilities Patched in Omron PLC Programming Software
Several high-severity vulnerabilities that can be exploited for arbitrary code execution have been patched in Omron’s CX-Programmer PLC programming software.
The Hacker News
High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security
Multiple high-severity vulnerabilities discovered in ConnectedIO's routers and cloud platform could let hackers execute malicious code.
The Hacker News
Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware
Cisco warns of an unpatched, high-severity flaw affecting IP Phone 7800 and 8800 series IP phones, for which a public proof-of-concept exploit is avai
Ars Technica
Valve waited 15 months to patch high-severity flaw. A hacker pounced
Vulnerability had a 8.8 severity rating. Valve took its time patching anyway.
The Hacker News
CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software
CISA warns of high-severity vulnerabilities in Schneider Electric Easergy P5 and P3 and GE Proficy CIMPLICITY SCADA Software.
DarkReading
Discrepancies Discovered in Vulnerability Severity Ratings
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.
Security Affairs
Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series
Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a […]
DarkReading
Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution
Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.
Security Affairs
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by […]
Security Affairs
Trend Micro fixed high severity flaw in Apex Central product management console
Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead […]
Bleeping Computer
Cisco discloses high-severity IP phone zero-day with exploit code
Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
The Hacker News
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
New high-severity vulnerabilities have been discovered in Cisco IOx and F5 BIG-IP products. Protect your organization by staying informed.
Security Affairs
ISC fixed high-severity flaws in the BIND DNS software
The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. Four out of six flaws, all denial-of-service (DoS) issue, have been rated as ‘high’ severity. One of the issues, tracked […]
Naked Security
OpenSSL fixes High Severity data-stealing bug – patch now!
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English…
Loading more articles....