Cybersecurity News | CyberSecured 24x7

12 Jul

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution

Fortinet on Tuesday announced security updates that address a critical-severity vulnerability in FortiOS and FortiProxy that could be exploited for remote code execution (RCE). Tracked as CVE-2023-33308 (CVSS score of 9.8), the bug is described as a stack-based overflow issue impacting the deep inspection function in proxy mode. “A stack-based overflow vulnerability in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall…

11 Jul

Apple & Microsoft Patch Tuesday, July 2023 Edition

Information, Insights

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices. On July 10, Apple pushed a “Rapid Security Response”…

11 Jul

Fortinet Releases Security Update for FortiOS and FortiProxy

Attacks, Insights, Malware

Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Fortinet security release FG-IR-23-183 and apply the necessary updates.

11 Jul

CISA Adds Five Known Vulnerabilities to Catalog

Attacks, Insights, Malware

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability CVE-2023-36874 Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability CVE-2022-31199 Netwrix Auditor Insecure Object Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To…

11 Jul

Adobe Releases Security Updates for ColdFusion and InDesign

Attacks, Insights, Malware

Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security releases APSB23-38 and APSB23-40 and apply the necessary updates.

11 Jul

Microsoft Releases July 2023 Security Updates

Attacks, Insights, Malware

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2023 Security Update Guide and Deployment Information and apply the necessary updates.

11 Jul

Mozilla Releases Security Update for Firefox and Firefox ESR

Attacks, Insights, Malware

Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory MFSA 2023-26 and apply the necessary update.

11 Jul

Serious Security: Rowhammer returns to gaslight your computer

Information

by Paul Ducklin You’re probably familiar with the word gaslighting, used to refer to people with the odious habit of lying not merely to cover up their own wrongdoing, but also to make it look as though someone else is at fault, even to the point of getting the other person to doubt their own memory, decency and sanity. You might not know, however, that the term comes from a 1930s psychological thriller play called…

11 Jul

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

Information, Uncategorized

by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download when you decide to fetch them. Don’t take as long to install and activate when you actually apply them. Don’t make irreversible changes that can’t…

11 Jul

Russia-Linked RomCom Hackers Targeting NATO Summit Guests

Information, News

As part of a recently identified cyber operation, a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12, the cybersecurity unit at BlackBerry reports. Taking place in Vilnius, Lithuania, the NATO Summit has on the agenda talks focusing on the war in Ukraine, as well as new memberships in the organization, including Sweden and Ukraine itself. Taking advantage of the event,…

CyberSecurity Updates

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution

Apple & Microsoft Patch Tuesday, July 2023 Edition

Fortinet Releases Security Update for FortiOS and FortiProxy

CISA Adds Five Known Vulnerabilities to Catalog

Adobe Releases Security Updates for ColdFusion and InDesign

Microsoft Releases July 2023 Security Updates

Mozilla Releases Security Update for Firefox and Firefox ESR

Serious Security: Rowhammer returns to gaslight your computer

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

Russia-Linked RomCom Hackers Targeting NATO Summit Guests

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources