CND News and Blog

New Alerts for Cisco, Rockwell Automation, Bosch, Siemens, Xerox, Softing, and Linux. Cisco Cisco has published 21 new bulletins, 1 rated Critical, 11 rated High, 9 rated Medium. Highest CVSSv3 score of 10.More info. Rockwell Automation Rockwell Automation has published 8 new bulletins addressing vulnerabilities in FactoryTalk, Flex 5000 I/O, ...

Monthly Patches are out for Palo Alto Networks. Quarterly Patches are out for F5. New Alerts for Checkpoint, ABB, Zoom, Spring, and Linux. Palo Alto Networks Palo Alto Monthly Patches include 6 bulletins. Highest CVSSv3 score of 6.1.More info. F5 F5 Quarterly Patches include 4 bulletins for BIG-IP and Access for Android. Highest CVSSv4 score o...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Ivanti. New Alerts for Google Chrome, HTTP/2, and Linux. Microsoft Microsoft Monthly Patches include 111 vulnerabilities, 11 rated Critical, 1 publicly disclosed. Highest CVSSv3 score of 10 for the previously disclosed Azure vulnerability.More info. And here. Adobe Monthly Patches are out ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for IBM and Linux. We expect monthly patches for at least 4 more vendors this afternoon and tomorrow. Siemens Siemens Monthly Patches include 45 bulletins, 22 new and 23 updated. Of the new bulletins, highest CVSSv3 score of 9.8More info. Schneider Electric Schneider ...

New Alerts for BaiCells (Exploit), HPE, Xerox, NetApp, AMD, IBM, and Linux. BaiCells Exploit Baicells Atom R9 Cat4 Gen2 CPEs contained a hardcoded administrator account. This has been exploited.More info. HPE Several vulnerabilities have been identified within the HPE Private Cloud AI. Highest CVSSv3 score of 9.8More info. Xerox Security fixes have...

New Alerts for Microsoft Edge, Microsoft Azure, EG4 Electronics, Packet Power, Burk Technology, F5, IBM, and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes.More info.Microsoft has updated Azure with 2 fixes for vulnerabilities. No customer action is required. Highest CVSSv3 score of 10.More info. And here. EG4 Elect...

New Alerts for Splunk, Ubiquiti, Tenable, IBM, and Linux. Splunk Splunk has published 2 bulletins for third-party software included in their products, 1 rated Critical and 1 rated High. More info. Ubiquiti Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a remote attacker to achieve Command Injection. Hi...

Google Monthly Patches are out for Pixel. New Alerts for Google Chrome for Desktop, Trend Micro, Adobe, Tigo Energy, CODESYS, IBM, and Linux. Google Google Monthly Patches for Pixel include 1 fixed vulnerability rated Critical and 2 rated High, plus Android updates.More info.Google has updated Chrome for Desktop to fix 12 security vulnerabilities.M...

Monthly Patches are out for Google Android and Samsung. New Alerts for SICK, Hitachi, and Linux. Google Google Monthly Patches for Android include 3 fixed vulnerabilities, 1 rated Critical and 2 rated High, plus Arm and Qualcomm updates.More info. Samsung Samsung Monthly Patches for Android include 18 Samsung vulnerabilities, plus Android and Samsu...

Monthly Patches are out for Qualcomm. New Alerts for NVIDIA, HPE, CODESYS, HashiCorp, IBM, and Linux. Qualcomm Qualcomm monthly patches include 16 bulletins, 1 rated Critical, 13 rated High, and 2 rated Moderate, plus some OSS fixes. Highest CVSSv3 score of 7.8More info. NVIDIA NVIDIA has released a software update for Triton Inference Server with ...

New Alerts for Microsoft Edge, Güralp Systems, NetApp, IBM, and Dell. Microsoft Microsoft has updated Edge with the latest chromium fixes.More info. Guralp Systems Güralp FMUS Series Seismic Monitoring Devices are missing authentication and could allow a remote attacker to modify hardware configurations, manipulate data, or factory reset the device...

New Alerts for Apple, Splunk, IBM, and Linux. Apple Apple released security updates for Safari.More info. Splunk Splunk has published 3 new bulletins identifying vulnerabilities in third-party software included in their products, 2 rated Critical and 1 rated High.More info. IBM IBM has published Critical bulletins for Control Desk, Instana Observab...

New Alerts for Apple, Google Chrome, IBM, SonicWall, Samsung, Tenable, and Linux. Apple Apple released security updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS that patch a total of 89 different vulnerabilities.More info. And here. Google Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info.Microsoft is awar...

New Alerts for Progress, Broadcom Tanzu, Python, and Linux. Progress Progress has published 3 new bulletins for DataDirect Hybrid Data Pipeline, all rated Critical.More info. Broadcom Broadcom has published 19 security bulletins for Tanzu, 14 rated Critical, 4 rated High, and 1 rated Medium.More info. Python A vulnerability in CPython could result ...

A quiet day, new Alerts for Microsoft Edge and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes.More info. Linux Red Hat has updated the kernel and kernel-rt. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile ...

New Alerts for Mitel, HPE, NetApp, and Linux. Happy Friday! Mitel An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which allows a remote attacker to conduct an authentication bypass attack due to improper access control. CVSSv3 score of 9.4More info. HPE An Unauthorized Access...

New Alerts for ABB, HPE, Arista, Tenable, Dell, IBM, and Linux. ABB A vulnerability exists in the Modbus TCP server functionality that allows a remote attacker to access fragments of Modbus telegrams that have been sent earlier by that PLC. CVSSv4 score of 6.9More info. HPE Security vulnerabilities have been identified in the HP-UX Secure Shell dae...

Samsung has published Monthly Patches for Samsung TV. New Alerts for Google Chrome, Mozilla, DuraComm, Dahua, SonicWall, and Linux. Google Google has published an update for Chrome for Desktop that fixes three security vulnerabilities.More info.Microsoft is aware. More info.Philips has also identified their products affected by Chrome vulnerabiliti...

New Alerts for HPE, F5, Synology, Dell, ASUS, IBM, and Linux. HPE Security vulnerabilities have been identified in third-party software included in HPE Telco Network Function Virtual Orchestrator. Highest CVSSv4 score of 9.3More info. F5 F5OS contains a vulnerability where a certificate with a URI may incorrectly satisfy a URI name constraint that ...

New Alerts for Microsoft SharePoint (Exploit), Sophos Firewall, Helmholz, MB connect, BD, PowerDNS, and Linux. Microsoft Exploit Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows a remote attacker to execute code over a network. Microsoft is aware that an exploit exists in the wild. Note that public exploits were a...