New Alerts for StrangeBee, Google Chrome (Exploit), and OpenSSL.
Not sure what happened to the Mobile patch day, maybe later this afternoon or next week.
StrangeBee
A critical vulnerability has been identified in TheHive API endpoint. An attacker exploiting the vulnerability will be able to get all the details of current activities in TheHive (creation, modification, deletion of any object). This endpoint is accessible without authentication.
More info. And here.
Google has updated Chrome for Desktop to fix 4 security vulnerabilities, at least 3 rated High. One is being actively exploited.
More info.
Google has updated Chrome for Android to fix 3 security vulnerabilities, at least 2 rated High. One is being actively exploited.
More info.
OpenSSL has a serious bug in the RSA implementation, causing memory corruption during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. OpenSSL rates this High.
More info.
Comments