Security Update Guide Notification System News: Create your profile now
Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers...
Citrix Hypervisor Security Bulletin for CVE-2022-33745
CTX463455 NewCitrix Hypervisor Security Bulletin for CVE-2022-33745Applicable Products : Citrix HypervisorXenServer
Mitsubishi Electric GT SoftGOT2000
This advisory contains mitigations for Infinite Loop and OS Command Injection vulnerabilities in versions of Mitsubishi Electric GT SoftGOT2000 software.
Emerson ControlWave
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerabilities in Emerson ControlWave products, a programmable controller.
Emerson OpenBSI
This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.
Deepfake Attacks and Cyber Extortion are the Focus of New VMware Report
On day one of Black Hat USA 2022, we at VMware published our eighth annual Global Incident Response Threat Report. This report measures the cybersecurity landscape and highlights the challenges from the perspective of incident responders. This year we...
Congratulations to the MSRC 2022 Most Valuable Researchers!
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This...
Microsoft Office to publish symbols starting August 2022
We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve...
K92254835: Binutils vulnerability CVE-2018-12641
Binutils vulnerability CVE-2018-12641 Security Advisory Security Advisory Description An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack ...
K34239812: Libexpat vulnerability CVE-2019-15903
Libexpat vulnerability CVE-2019-15903 Security Advisory Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document ...
K43871899: binutils vulnerability CVE-2018-1000876
binutils vulnerability CVE-2018-1000876 Security Advisory Security Advisory Description binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_ ...
K21571420: Multiple Samba vulnerabilities
Multiple Samba vulnerabilities Security Advisory Security Advisory Description CVE-2022-2031 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
QuestionPro (unverified) – 22,229,637 breached accounts
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform),...
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Enlarge (credit: Getty Images)
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
One of 5G's Biggest Features Is a Security Minefield
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
