Author: DEFENDEDGE
-
Microsoft Releases April 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following and apply the necessary updates: Microsoft Security Update Guide for April Read more
-
Vulnerability Summary for the Week of April 1, 2024
-
Vulnerability Summary for the Week of April 1, 2024
-
Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways
Ivanti has released security updates to address vulnerabilities in all supported versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Ivanti advisory and apply the necessary updates: … Read more
-
Vulnerability Summary for the Week of March 25, 2024
-
Vulnerability Summary for the Week of March 25, 2024
-
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems. CISA recommends developers and users… Read more
-
Apple Released Security Updates for Safari and macOS
Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4.1 macOS Sonoma 14.4.1 macOS Ventura 13.6.6 Read more
-
Vulnerability Summary for the Week of March 18, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info N/A — N/A Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. 2024-03-19 8.8 CVE-2024-24042 cve@mitre.org cve@mitre.org N/A — N/A danielmiessler fabric through 1.3.0… Read more
-
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent, well-publicized exploitation of SQL injection (SQLi) defects in a managed file transfer application that impacted thousands of organizations. Additionally, the Alert highlights the prevalence… Read more