The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
Aruba Networking has released critical security patches for ArubaOS. Four flaws could allow remote code execution, giving attackers full control.
Security Affairs
HPE Aruba Networking addressed four critical ArubaOS RCE flaws
HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system.
Bleeping Computer
HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
CyberNews
Telekom, Airbus slam plan giving Big Tech access to EU cloud data
Deutsche Telekom, Orange, Airbus, and over a dozen more EU firms slam a new plan that would allow Amazon, Google, and Microsoft to bid for EU cloud computing contracts.
The Hacker News
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
SecurityWeek
ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities
Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities.
The Hacker News
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
Cyber Security News
Cyber Security News Weekly Round-Up : Vulnerabilities, Cyber Attacks, Threats & New Cyber Stories
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
Cyber Security News
10 Best Automatic WiFi Security Providers - 2024
Best Automatic WiFi Security Providers : 1. Perimeter 81 2. Cisco Systems 3. Fortinet 4. Palo Alto Networks 5. Aruba Networks 6. Sophos.
Cyber Security News
10 Best Network Security Providers for Education Sectors - 2024
Best Network Security Providers for Education: 1. Perimeter81 2. Cisco Systems 3. Palo Alto Networks 5. Sophos 6. McAfee 7. Symantec.
Bleeping Computer
HPE investigates new breach after data for sale on hacking forum
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
SecurityWeek
HPE Says Russian Government Hackers Had Access to Emails for 6 Months
HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months.
SecurityWeek
Hewlett Packard Enterprise to Acquire Juniper Networks for $14 Billion
HPE to acquire Juniper Networks for $14 billion to accelerate AI-Driven innovation and strengthen its high-margin networking business.
Cyber Security News
Wireshark 4.2.0 Released - What’s New!
Wireshark is a popular open-source network protocol analyzer that is primarily used by security experts and network administrators.
The Hacker News
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
SecurityWeek
ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws
ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities.
The Hacker News
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
The Hacker News
Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
September 2023 Patch Tuesday — Microsoft addresses 59 bugs, including actively exploited zero-day flaws
Cyber Security News
Threat and Vulnerability Roundup for the week of August 27th to September 2nd
The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also provide the most latest software upgrades available to keep your devices secure.
.webp)
Cyber Security News
Threat and Vulnerability Roundup for the week of August 13th to 19th
Welcome to Cyber Writes' weekly Threat and Vulnerability Roundup, where we provide the most recent information on cybersecurity news. Take advantage of our extensive coverage and keep yourself updated.
The Hacker News
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
Microsoft's Patch Tuesday for August 2023 addresses 74 vulnerabilities in its software, including 6 Critical and 67 Important security flaws.
Cyber Security News
6 Actively Exploited Zero-Days and 132 Flaws Patched - Microsoft Security Update
A total of 132 new security flaws in Microsoft's products were patched, including six zero-day issues that the company claimed were being actively used in the wild.
The Hacker News
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited.
DarkReading
Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier
The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.
Ars Technica
TSMC says some of its data was swept up in a hack on a hardware supplier
The pernicious LockBit ransomware syndicate claims responsibility and demands $70 million.
The Hacker News
Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
Microsoft's May Patch Tuesday includes fixes for 38 security flaws, including a zero-day bug under active exploitation.
The Hacker News
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Microsoft has just released security updates for a whopping 97 software flaws, including one that's being actively exploited by ransomware attacks.
Bleeping Computer
WiFi protocol flaw allows attackers to hijack network traffic
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.
The Hacker News
Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
Microsoft's latest Patch Tuesday update for March 2023 is here with fixes for 80 security flaws, including two actively exploited vulnerabilities.
CSO
HPE to acquire Axis Security to deliver a unified SASE offering
HPE plans to expand its Aruba SASE platform with Axis Security’s Atmos, delivering a comprehensive edge-to-cloud, network and security solution as a service.
The Hacker News
Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack
Cisco has just released a security update to fix a critical vulnerability (CVE-2023-20078) in its IP Phone 6800, 7800, 7900, and 8800 Series products.
Bleeping Computer
Aruba Networks fixes six critical vulnerabilities in ArubaOS
Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
SecurityWeek
ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities
Siemens and Schneider Electric have released their Patch Tuesday security advisories for November 2022.
SecurityWeek
Palo Alto Networks, Aruba Patch Severe Vulnerabilities
Palo Alto Networks and Aruba have each announced patches for serious authentication bypass vulnerabilities affecting their products.
Security Affairs
Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator
Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. Aruba EdgeConnect Orchestrator is a centralized SD-WAN management solution that allows enterprises to control their WAN. Below are the vulnerabilities addressed […]
CyberSecurity Dive
Persistent vulnerabilities put VMware on the defense
Recent flaws earned the company CISA's 10th emergency directive, the latest in a series of potential high-impact flaws for enterprise users.
SecurityWeek
Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit
Google Project Zero has disclosed the details of a zero-click remote code execution exploit targeting Zoom.
SecurityWeek
HP Patches UEFI Vulnerabilities Affecting Over 200 Computers
HP patches two high-severity vulnerabilities that impact the UEFI firmware of more than 200 laptops, workstations, and other products.
Cyber Security News
Critical TLStorm 2.0 Bugs Let Attackers to Gain Remote Access
The security analysts at Armis discovered that several devices using Mocana NanoSSL are being sabotaged by the same problem even though they may come from two distinct switch vendors, but they got affected by the same misuse of NanoSSL.
The Record
HPE, Extreme Networks working to address five vulnerabilities in widely used network switches
The two companies' widely used Aruba and Avaya network switches have vulnerabilities in NanoSSL, a popular library for the TLS protocol.
The Hacker News
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
Researchers have discovered 5 new security vulnerabilities in multiple models of Aruba and Avaya network switches.
SecurityWeek
Vulnerabilities in Aruba and Avaya Switches Expose Enterprise Networks to Attacks
TLStorm 2.0 vulnerabilities can be exploited to remotely hack Aruba and Avaya switches and abuse them to gain access to enterprise networks.
Bleeping Computer
Aruba and Avaya network switches are vulnerable to RCE attacks
Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices.
CSO
TLS implementation flaws open Aruba and Avaya network switches to RCE attacks
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
CyberSecurity Dive
Critical CVEs put Aruba Networks, Avaya enterprise switches at risk
Researchers previously found similar vulnerabilities in Smart-UPS devices.
CSO
Gartner: 5 ways to deal with network equipment shortages
With lead times as long as 400 days, enterprises need to start looking at alternative ways to get the network equipment they need.
ZDNet
Aruba rolls out Microbranch networking to level up home offices | ZDNet
The new EdgeConnect Microbranch solution promises to bring office-level networking capabilities to home offices via a single Wi-Fi access point.
DataBreaches
HPE says hackers breached Aruba Central using stolen access key
Lawrence Abrams reports: HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor...
Bleeping Computer
All Wi-Fi devices impacted by new FragAttacks vulnerabilities
Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) are impacting all Wi-Fi devices (including computers, smartphones, and smart devices) going back as far as 1997.