New Alerts for TIBCO, NetApp, and Linux. Researchers have discovered an attack on the Voice over LTE (VoLTE) mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls.  Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and ...

New Alerts for Wireshark, Microsoft, Dell, Apache Struts, Apple, and Linux. Six simple actions can leave you hacked in Windows, including playing audio, playing video, browsing a website, receiving an email, looking at a PDF, and editing an HTML page.  Patch your systems! Vulnerabilities in Amazon's Alexa virtual assistant platform could ...

New Alerts for Yokogawa, ABB, IBM, QNAP, BlackBerry, and Linux. Don't forget Microsoft Monthly Patches, two are being actively exploited.  Although vulnerabilities that require local access don't reach the Radar Page, Intel has published a slew of updates that corrects many vulnerabilities.  Vendors like HP and Lenovo are rolling out the ...

Microsoft Monthly Patches are out with two currently exploited and one previously disclosed.  Adobe Monthly Patches are out as well. Although we don't report on CMS and templates on the Radar page, this is worth reporting here...  vBulletin pre-auth RCE from September 2019 easily bypassed, PoC exploit code published. Qualcomm published fi...

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Google, Apple, Citrix, Sierra Wireless, and Linux. Microsoft and Adobe Monthly Patches are expected out later today. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of...

New Alerts for Apache, SICK, IBM, NetApp, and Linux. Tomorrow is monthly Patch Day for Microsoft, Adobe, Schneider Electric, Siemens, and SAP.  Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securityw...

New Alerts for Advantech, Xerox, and Linux. Adobe has the pre-release notice for next week's Patch Tuesday out.  Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com Adobe Product Secur...

New Alerts for Cisco, Dell, HPE, PHP, BlackBerry, FreeBSD, and Linux. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com

New Alerts for IBM and Linux. GNU C has a remote code execution vulnerability, exploitable locally so doesn't make the Radar page, but worth taking a look. The Ripple20 vulnerabilities affect the Treck TCP/IP stack, but now CISA is reporting that "The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet...

New Alerts for NETGEAR, ABB, and Linux. RedHat has patched the broken Boothole updates.  Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com

New Alerts for Inductive Automation, Yokogawa, Rockwell Automation, Microsoft (Edge), Apple, NetApp, and Linux. Quick to patch "Boothole"?  Best take a beat if you're on RedHat, as grub doesn't load at all after the patch... as in put in a DVD and downgrade the packages.  Actually, just don't no matter your distro.  Debian, CentOS, U...

New Alerts for Cisco, Mitsubishi Electric, Dell, Grandstream, and Linux.   There's a new vulnerability in GRUB2 secure boot, called "Boothole".  It requires physical or administrative access, so it's not reported in the standard vulnerability set, but it has a name and a webpage...HMS has identified several EOL products vulnerable to...

New Alerts for Secomea, Softing, SICK, Mozilla, Adobe, NETGEAR, and Linux. The Secomea VPN vulnerability got a writeup in SecurityWeek.com about the risk to oil and gas industries. NETGEAR has updated several pre-authentication vulnerabilities in one router model. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar ...

New Alerts for Google (Chrome), Dell, and Linux. CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The...

New Alerts for Hitachi and Linux. It's quiet, other than exploitation of known vulnerabilities with patches. CISA has a bulletin about F5 Big-IP exploits, F5 says if you haven't patched yet, you're likely compromised.   Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and ...

New Alerts for Cisco - Exploit, NetApp, ZTE, and Linux.  Have a great weekend! Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com

New Alerts for Cisco, CODESYS, Artica Proxy, and Linux.Artica Proxy is an open source platform. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com

New Alerts for Adobe and Linux. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com

New Alerts for Micro Focus, IBM, Dell, and Linux.  Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com

New Alerts for Moodle, IBM, and Linux. We have dropped the Overall Alert and the Windows DNS Alerts to Guarded. GE Healthcare and Philips have put out bulletins regarding the Microsoft DNS vulnerability and their products that run on Microsoft platforms.  Medical and ICS/SCADA are particularly at risk as they try to determine how best to roll ...