CND News and Blog

New Alerts for Spring, WAGO, and Juniper Networks.  Spring  Spring Framework allows a remote attacker to provide specially crafted HTTP requests that may cause a DoS. CVSSv3 score of 7.5More info. WAGO  A heap-based buffer overflow is possible in CodeMeter Runtime affecting multiple products by WAGO. CVSSv3 score of 9.8More info. Jun...

New Alerts for AVEVA, Apache Tomcat, NetApp, and Linux. AVEVA  PI Server contains several vulnerabilities that could allow a remote attacker to crash the product or throttle the memory leading to a partial DoS. CVSSv3 score of 7.5More info. And here. Apache  Tomcat contains an Information Disclosure vulnerability. CVSSv3 score of 7.5More ...

New Alerts for Nextcloud, Microsoft Edge (Exploit), IBM, HPE, BD, and Linux. Nextcloud  Global Site Selector password verification method allows a remote attacker to authenticate as another user. CVSSv3 score of 9.6More info. Microsoft Exploit Microsoft has updated Edge for the latest Chromium security updates. One has been exploited.More info...

New Alerts for Integration Objects, ABB, X.Org, Dell, Google Chrome (Exploit), BD, and Linux. Integration Objects  OPC UA Server Toolkit contains an Improper Output Neutralization for Logs vulnerability. Successful exploitation of this vulnerability allows a remote attacker to add content to the log file. CVSSv3 score of 5.3No response from ve...

Oracle Quarterly Patches are out this afternoon. New Alerts for Atlassian and Citrix. Oracle  Oracle's Quarterly Critical Patch Update is out today, pre-release notice reports 387 new security patches, 243 remotely exploitable without authentication. Highest CVSSv3 score of 9.8The Pre-release announcement becomes the regular announcement, so t...

New Alert for Linux. Tomorrow Oracle Quarterly Critical Patch Update is out. Linux  CentOS 7 has updated the kernel-firmware. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry R...

New Alerts for Rapid Software, Microsoft Edge, D-Link (Exploit), GitLab, TRENDnet, NetApp, and Linux. Rapid Software  Successful exploitation of vulnerabilities in Rapid SCADA could result in a remote attacker connecting to the server and perfoming attacks using the high privileges of a service, obtaining administrator passwords, learning sens...

Monthly Patches are out for Juniper Networks. New Alerts for Ivanti (Exploit), Cisco, BD, and NVIDIA. Ivanti Exploit Vulnerabilities have been discovered in Ivanti Connect Secure (ICS). These vulnerabilities used together allow a remote attacker to craft malicious requests and execute arbitrary commands on the system. Highest CVSSv3 score of 9.1Pat...

Monthly Patches are out for Microsoft, Adobe, and Fortinet. Quarterly Patches are out for Splunk. New Alerts for Google Chrome, HPE, IBM, and Linux. Microsoft  Microsoft Monthly Patches are out with 48 patched vulnerabilities plus chromium updates for Edge. Of the Microsoft vulnerabilities, 2 are rated Critical. Highest CVSSv3 score of 9.1More...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Palo Alto Networks, BD, Google ChromeOS, and Linux. Microsoft and Adobe Monthly Patches are expected this afternoon.  Siemens  Siemens has published their Monthly Patches, with 6 new bulletins and 11 updated bulletins. Of the new bulletins, highest CVSSv3 sco...

New Alerts for QNAP, Bosch, Microsoft, HPE, HP, NetApp, and Linux. QNAP  A vulnerability has been reported in Netatalk which affects QNAP OS. CVSSv3 score of 9.8More info.A prototype pollution vulnerability affects QNAP OS. The vulnerability allows a remote attacker to override existing attributes which causes the system to crash. CVSSv3 score...

New Alerts for BD, Moxa, and Linux. BD  BD has published security updates for Alaris, Data Agent, Pyxis, Identity Provider Manager, Care Coordination Engine, EpiCenter, and Max.More info. Moxa  Moxa has added PT-7728 and PT-7828 series products to a bulletin from Nov 2023. Highest CVSSv3 score of 6.9More info. Linux  Ubuntu has updat...

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for Google Chrome, Dell, Wireshark, and HPE. Google  Google has updated Chrome for Desktop to fix 6 security vulnerabilities.More info.Google has published the Monthly Android patches with 11 addressed vulnerabilities, all rated High, plus Arm, Imagination Techno...

New Alerts for MediaTek, IBM, and ASUS. MediaTek  MediaTek Monthly Patches are out, with 20 addressed vulnerabilities, with 2 rated High, and 18 rated Medium. More info. IBM  Security QRadar Analyst Workflow app for QRadar SIEM is vulnerable to using components with known vulnerabilities. Highest CVSSv3 score of 9.8More info.A PyTorch vul...

New Alerts for Qualcomm, IBM, and Linux. Qualcomm  Qualcomm Monthly Patches are out, with 16 addressed vulnerabilities, 2 rated Critical, 12 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.8More info. IBM  Vulnerabilities in Golang Go affect Cloud Pak System Software. Highest CVSSv3 score of 9.8More info. Linux  Debian has ...

New Alerts for IBM and Juniper Networks. IBM  IBM Storage Protect Server uses IBM Db2 and is affected by multiple vulnerabilities including DoS, RCE, or loss of confidentiality, integrity or availability. CVSSv3 score of 9.8More info. Juniper  Multiple vulnerabilities have been resolved in Juniper Secure Analytics. Highest CVSSv3 score of...

The Cyber Threat Intelligence page, affectionately known as the Radar Page by some (or maybe just me), has been around for over 13 years.  See the Daily Mail article below for the sensational history.  :)  It has been through several redesigns, but retains a similar look and feel across the versions. Where to find the Radar Page: The...

New Alerts for Moxa, IBM, and Progress. Moxa  The OnCell G3150A-LTE Series is affected by multiple web application vulnerabilities caused by applying weak cryptographic algorithms and cipher suites. Successful exploitation could allow a remote attacker unauthorized access and unexpected user interaction with the web application. Highest CVSSv3...

New Alert for D-Link. D-Link  A security issue exists in D-Link D-View 8 prior that could allow a remote attacker to manipulate the probe inventory of the D-View service and result in the disclosure of information or DoS. Tenable rates this Critical.No response from D-Link to Tenable. PoC exists.More info. Security Wizardry Cyber Threat Intell...

New Alerts for BD, NetApp, and D-Link. BD  BD has published security patches for BACTEC FX40, Phoenix M50, Assurity Linc, Accuri C6 Plus, ViperLT, FocalPoint, BACTEC FX, and Totalys.More info. NetApp  NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score ...