Wednesday, August 10, 2022

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers...

Citrix Hypervisor Security Bulletin for CVE-2022-33745

CTX463455 NewCitrix Hypervisor Security Bulletin for CVE-2022-33745Applicable Products :  Citrix HypervisorXenServer

Mitsubishi Electric GT SoftGOT2000

This advisory contains mitigations for Infinite Loop and OS Command Injection vulnerabilities in versions of Mitsubishi Electric GT SoftGOT2000 software. 

Emerson ControlWave

This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerabilities in Emerson ControlWave products, a programmable controller.

Emerson OpenBSI

This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.

Deepfake Attacks and Cyber Extortion are the Focus of New VMware Report

On day one of Black Hat USA 2022, we at VMware published our eighth annual Global Incident Response Threat Report. This report measures the cybersecurity landscape and highlights the challenges from the perspective of incident responders. This year we...

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.  Today, we are excited to recognize this year’s top 100 Most...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve...
F5 Networks

K92254835: Binutils vulnerability CVE-2018-12641

Binutils vulnerability CVE-2018-12641 Security Advisory Security Advisory Description An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack ...
F5 Networks

K34239812: Libexpat vulnerability CVE-2019-15903

Libexpat vulnerability CVE-2019-15903 Security Advisory Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document ...
F5 Networks

K43871899: binutils vulnerability CVE-2018-1000876

binutils vulnerability CVE-2018-1000876 Security Advisory Security Advisory Description binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_ ...
F5 Networks

K21571420: Multiple Samba vulnerabilities

Multiple Samba vulnerabilities Security Advisory Security Advisory Description CVE-2022-2031 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
Have I Been Pwned

QuestionPro (unverified) – 22,229,637 breached accounts

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform),...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …