CND News and Blog

New Alerts for IBM and Linux. IBM IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift. Highest CVSSv3 score of 9.8More info.IBM Integration Bus is vulnerable to arbitrary code execution due to json-schema. CVSSv3 score of 9.8More info. Linux  OpenSUSE has updated the kernel. More info.Ubuntu has updated the microcode...

New Alerts for AutomationDirect, HPE, Dell, IBM, NetApp, and Linux. AutomationDirect  AutomationDirect's DirectLOGIC with Ethernet Communication Modules contain several vulnerabilities, including Uncontrolled Resource Consumption and Cleartext Transmission of Sensitive Information. Successful exploitation of these vulnerabilities could cause a...

New Alerts for Cisco and IBM. Cisco  Cisco has published 7 new bulletins, 2 rated Critical, 1 High, and 4 Medium.More info.A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, and Cisco Email Security Appliance could allow an unauthenticated, remote attacker to bypass authentication and log in to ...

Monthly Patches are out for Microsoft and Adobe. New Alerts for AUMA, Hitachi Energy, Citrix, Salt, and Linux. Palo Alto Monthly Patches are expected out this afternoon. Microsoft  Microsoft Monthly Patches are out, with 60 patched vulnerabilities, 3 rated Critical. This includes a patch for the "Follina" MSDT vulnerability. Highest CVSSv3 sco...

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Mitsubishi Electric and Linux. Monthly Patches for Microsoft and Adobe are expected out this afternoon, and Monthly Patches for Palo Alto Networks are out tomorrow. SAP  SAP Security Patch Day includes 10 new Security Notes and 2 updated Security Notes. Of the new...

New Alerts for PHP, SICK, IBM, and Linux. PHP  A remote attacker can exploit several vulnerabilities in PHP to execute arbitrary code or cause a DoS.More info. And here. SICK  Multiple vulnerabilities in MySQL affect SICK Package Analytics, including Buffer-Overflow, Improper Access Control, and Improper Certification Validation. Highest ...

New Alerts for Google Chrome, Microsoft Edge, Moxa, Medtronic, and NetApp.  Google  Google has published an update for Chrome for Desktop, with 7 security fixes.More info. Microsoft  Microsoft has released the latest Microsoft Edge Stable Channel, which incorporates the latest security updates of the Chromium project.More info. Moxa&...

New Alerts for Festo, IBM, and Linux. Festo  The Festo controller CECC-X-M1 product family is affected by a preauthentication command injection vulnerability. CVSSv3 score of 9.8A fix is expected by the end of the month.More info. IBM  IBM Cognos Command Center is affected by multiple vulnerabilities in third-party software included with ...

Monthly Patches for Fortinet are out. New Alerts for GE Grid Solutions, HPE, Apache, InfiRay, and Linux. Fortinet  Fortinet Monthly Patches are out, with 7 new bulletins, 1 rated Critical, 3 rated High, and 3 Medium. Highest CVSSv3 score of 9.More info.Fortinet has updated Apache Airflow library to address security vulnerabilities that affect ...

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Dell, Mitsubishi Electric, Dräger, IBM, and Linux. Qualcomm  Qualcomm Monthly Patches are out with 19 vulnerabilities, 4 rated Critical and 15 rated High. Rhere are an additional 4 vulnerabilities in open source software, all rated Medium. Highest C...

New Alerts for Atlassian and Dell.                   Tomorrow is Mobile Monthly Patch day. Atlassian  Atlassian has patched the critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server.More info. Dell  Dell has published security updates for thi...

New Alerts for Confluence (Exploited 0-Day), Carrier LenelS2, Illumina, CODESYS, NetApp, and Linux. Atlassian 0-Day Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Patches are expected out today.More info. Carrier LenelS2&nb...

New Alerts for Mitsubishi Electric, IBM, Dell, and Linux. Mitsubishi Electric  DoS and RCE vulnerabilities exist in the Web function on MELSEC-Q and MELSEC-L Ethernet Interface Modules, and in the REST Server function on MELSEC iQ-R MES Interface Module. A remote attacker may cause a DoS or execute malicious code on target products by sending ...

New Alerts for Microsoft, Mozilla, IBM, CODESYS, and Linux. Microsoft  Microsoft has updated chromium-based Edge to fix the latest security vulnerabilities.More info.Microsoft has published a bulletin with workarounds for the vulnerability in the Diagnostic Tool.More info. And here. Mozilla  Mozilla has published updates to fix security v...

New Alert for Linux. Linux  Red Hat has updated the kernel. More info.Oracle Linux has updated rsyslog. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing v...

New Alerts for Microsoft (Exploit), IBM, NetApp, and Linux. Microsoft -  Exploit A vulnerability in Microsoft Office enables an attacker to fetch malicious code without detection in a multi-stage attack.More info. IBM  IBM Security Guardium has fixed multiple vulnerabilities by updating the Apache Thrift component. Highest CVSSv3 score of...

New Alerts for Keysight Technologies, Tenable, Hitachi, and Citrix. Keysight Technologies  Keysight N6854A Geolocation and server and N6841A Sensor software, a spectrum monitoring platform, contains two security vulnerabilities. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain arbitrary operating system ...

New Alerts for Dell, QNAP, NetApp, and Linux. Dell  Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this High.More info. QNAP  A CSRF vulnerability has been reported to affect QNAP NAS running Proxy Server. This vulnerability ...

New Alerts for Google Chrome, HPE, and Linux. Google  Google has updated Chrome for Desktop to fix 32 security vulnerabilities, including at least 1 rated Critical.More info.Microsoft is aware and working. More info. HPE  A potential security vulnerability in the Oracle Java SE may impact HPE IceWall products. The vulnerability could be e...

New Alerts for Dell, Zyxel, and Linux. Dell  Dell has updated VxRail to fix multiple vulnerabilities in third-party software included in the product. Dell rates this Critical.More info. And here.Dell PowerEdge Server has been updated for several vulnerabilities in AMD server. Dell rates this High.More info. Zyxel  Zyxel has published a se...