By michele654 on Tuesday, 14 May 2024
Category: Vulnerabilities

New Vulnerabilities Tuesday 14 May


Monthly Patches are out for Siemens and SAP. New Alerts for Apple, Google Chrome (Exploit), Extreme Networks, Cacti, and Linux.

Apple 

Apple has published updates for iOS, iPadOS, macOS, watchOS, tvOS, and Safari. One exploited vulnerability is patched for older versions of macOS and iOS.
More info. And here.

Siemens 

Siemens Monthly Patches are out with 38 bulletins: 15 new bulletins and 23 updated bulletins. Of the new bulletins, the highest CVSSv3 score is 10.
More info.

SIMATIC CN 4100 is vulnerable to use of hard-coded credentials, including for the root user. Highest CVSSv3 score of 10.
More info.

Siemens has released a new version for SIMATIC RTLS Locating Manager that fixes several security vulnerabilities. Highest CVSSv3 score of 10.
More info.

Several products used in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems contain buffer overflow vulnerabilities. Highest CVSSv3 score of 10.
More info.

The RUGGEDCOM CROSSBOW server application contains multiple vulnerabilities that could allow a remote attacker to execute arbitrary database queries or upload arbitrary files. Highest CVSSv3 score of 9.8.
More info.

Siemens has released a new version for RUGGEDCOM APE1808 that corrects vulnerabilities in Nozomi Guardian/CMC. Highest CVSSv3 score of 7.5.
More info.

SAP 

SAP Security Patch Day saw the release of 14 new Security Notes and 3 updates. Of the new Notes, the highest CVSSv3 score is 9.8.
More info.

Google Exploit

Google has published an update for Chrome for Desktop that fixes one vulnerability that is currently being exploited.
More info.

Microsoft is aware. More info.

Extreme Networks 

Extreme Networks was unable to publish security bulletins to the public portal for the first part of the year, and has now made 50 advisories for 2024 available.
More info.

Cacti 

Cacti has published an update that fixes 9 security vulnerabilities, including several RCE vulnerabilities.
More info.

Linux 

Ubuntu has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.
