Microsoft has released July’s edition of Patch Tuesday! This installment of security updates addressed 132 security vulnerabilities in various products, features, and roles. Microsoft Patch Tuesday for July 2023 This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical … Continue reading “Microsoft Patch Tuesday, July 2023 Security Update Review”
Apple Patches Actively Exploited Zero-day Vulnerability in macOS Ventura, iOS and iPadOS (CVE-2023-37450)
Apple has released patches for an actively exploited zero-day vulnerability in macOS Ventura, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of the issue being exploited. The vulnerability, CVE-2023-37450, was reported by an anonymous researcher. CISA has added the zero-day vulnerability to its Known Exploited Vulnerabilities Catalog and recommended users … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerability in macOS Ventura, iOS and iPadOS (CVE-2023-37450)”
Progress MOVEit Transfer Multiple Vulnerabilities (CVE-2023-36932, CVE-2023-36933, & CVE-2023-36934)
Multiple Denial of Service and SQL injection vulnerabilities are discovered in the Service Pack program for MOVEit products, including MOVEit Transfer and MOVEit Automation. CVE-2023-36934 is rated as critical, while CVE-2023-36932 and CVE-2023-36933 are rated High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to the MOVEit Transfer database and terminate … Continue reading “Progress MOVEit Transfer Multiple Vulnerabilities (CVE-2023-36932, CVE-2023-36933, & CVE-2023-36934)”
WordPress Plugin Ultimate Member Unauthenticated Privilege Escalation Vulnerability (CVE-2023-3460)
WordPress Ultimate Member plugin is vulnerable to a privilege escalation vulnerability that is being exploited in the wild. CVE-2023-3460 has been rated as critical with a CVSS base score of 9.8. The proof of concept for the vulnerability will be released on August 1st, 2023. Ultimate Member is a user profile and membership plugin for … Continue reading “WordPress Plugin Ultimate Member Unauthenticated Privilege Escalation Vulnerability (CVE-2023-3460)”
Citrix ADC and Citrix Gateway Arbitrary File Read and Cross-Site Scripting Vulnerabilities (CVE-2023-24487 & CVE-2023-24488)
Petr Juhanak of Accenture, Dylan Pindur of Assetnote, and Wisdomtree of Ant Group Digital Financial Security Team have discovered two vulnerabilities in Citrix ADC and Citrix Gateway. CVE-2023-24487 may allow attackers to read arbitrary files. CVE-2023-24488 is a cross-site scripting vulnerability that may allow an attacker to execute JavaScript in the victim’s browser. Citrix ADC … Continue reading “Citrix ADC and Citrix Gateway Arbitrary File Read and Cross-Site Scripting Vulnerabilities (CVE-2023-24487 & CVE-2023-24488)”
Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)
Fortinet addressed an arbitrary code execution vulnerability in FortiNAC. CVE-2023-33299 has been rated as critical with a CVSS base score of 9.6. Florian Hauser from CODE WHITE has discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute unauthorized code on the target system. FortiNAC is … Continue reading “Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)”
Grafana Critical Authentication Bypass Vulnerability (CVE-2023-3128)
Grafana has released security updates to address an authentication bypass/account takeover vulnerability. CVE-2023-3128 has been rated as critical with a CVSSv3.1 base score of 9.4. Successful exploitation of the vulnerability will allow an attacker to gain complete control of a user’s account, including access to private customer data and sensitive information. Grafana is a multi-platform … Continue reading “Grafana Critical Authentication Bypass Vulnerability (CVE-2023-3128)”
VMware Tools Zero-day Authentication Bypass Vulnerability Exploited by Chinese Hackers (CVE-2023-20867)
VMware addressed an authentication bypass vulnerability in VMware Tools. CVE-2023-20867 may allow attackers to execute privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication. The vulnerability was discovered by Mandiant. The firm suggests that the cyber espionage group known as UNC3886 has exploited the vulnerability. VMware Tools is a set of services … Continue reading “VMware Tools Zero-day Authentication Bypass Vulnerability Exploited by Chinese Hackers (CVE-2023-20867)”
Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)
Apple has released multiple security advisories to address vulnerabilities in macOS, Safari, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of a report that the vulnerabilities may have been actively exploited. CVE-2023-32434 and CVE-2023-32435 were discovered by Georgy Kucherin, Leonid Bezvershenko, and Boris Larin of Kaspersky, while CVE-2023-32439 was reported to … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)”
Microsoft Released Out-of-Band Security Updates (CVE-2023-32027, CVE-2023-32025, CVE-2023-32026, CVE-2023-29356, CVE-2023-32028, and CVE-2023-29349)
Microsoft has released an out-of-band update to address six security vulnerabilities in Microsoft OLE (Object Linking and Embedding), Microsoft Open Database Connectivity (ODBC) driver for SQL Server. CVE-2023-32028: Microsoft OLE DB Remote Code Execution Vulnerability The OLE DB Driver for SQL Server is a data access application program interface (API) that delivers the SQL OLE … Continue reading “Microsoft Released Out-of-Band Security Updates (CVE-2023-32027, CVE-2023-32025, CVE-2023-32026, CVE-2023-29356, CVE-2023-32028, and CVE-2023-29349)”
