CND News and Blog

New Vulnerabilities Thursday 26 January
michele654
Vulnerabilities
New Alerts for ISC, Mitsubishi Electric, Tenable, and Linux.  ISC  ISC has published 4 new bulletins identifying DoS vulnerabilities in BIND 9. Highest CVSSv3 score of 7.5More info. Mitsubishi Electric  An authentication bypass vulnerability exists in the robot controller of industrial robot MELFA SD/SQ series and F-series. An attack...
New Vulnerabilities Wednesday 25 January
michele654
Vulnerabilities
New Alerts for VMware, Google Chrome, Apple, and Linux. VMware  Multiple vulnerabilities in VMware vRealize Log Insight could allow a remote attacker to collect sensitive information, achieve DoS, or perform RCE. Highest CVSSv3 score of 9.8More info. Google  Google has updated Chrome for Desktop to fix 6 security vulnerabilitiesm the most...
New Vulnerabilities Tuesday 24 January
michele654
Vulnerabilities
New Alerts for Crestron, Lexmark, Apple (Exploit), GE (Exploit), HCL Software, and Linux. Crestron  Crestron has patched the UC-engine product line for OpenSSL vulnerabilities. CVSSv3 score of 5.3More info. Lexmark  Lexmark has patched their printers to fix a vulnerability that allows an attacker to bypass protections on the device that p...
New Vulnerabilities Monday 23 January
michele654
Vulnerabilities
New Alerts for NetApp and Linux. NetApp  NetApp has published 9 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8 Only 1 bulletin includes patched software.More info. Linux  Mageia has updated the kernel and kernel firmware. More info. Security Wizardry Cyber Threat I...
New Vulnerabilities Friday 20 January
michele654
Vulnerabilities
New Alerts for TP-Link, Medtronic, BD, PowerDNS, Microsoft and Linux. TP-Link  TP-Link router WR710N-V1-151022 and Archer-C5-V2-160201 are susceptible to two vulnerabilities, including a buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a heap causing DoS or RCE, and a side-channel attac...
New Vulnerabilities Thursday 19 January
michele654
Vulnerabilities
New Alerts for Cisco, WithSecure, Mitel, and Wireshark. Cisco  A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. CVSSv3 score of 4.7More info. WithSecure  A DoS vulnera...
New Vulnerabilities Wednesday 18 January
michele654
Vulnerabilities
New Alerts for GE Digital, IBM, D-Link, Mozilla, Git, and Apache. GE Digital  GE Digital Proficy Historian contains multiple vulnerabilities, including Authentication Bypass using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Weak Encoding for Password. Successful exploitation of th...
Identifying Plagiarism Using AI Bots Like ChatGPT
Andy Cuff
Technical
For several months we have been seeing a huge interest in the capabilities of ChatGPT and with a high school teacher in the family, we have looked a little deeper in detecting it's use. At Computer Network Defence Ltd (CND) we will often test the resourcefulness of our new cyber security candidates by asking them to research a topic and d...
Spear Phishing - Cyber Attacks
Kelsey Chalmers
Technical
 We have all heard of Phishing attacks, where emails are used as bait to lure us into clicking on a link or opening an attachment. However, because we are now much wiser to the threat, attackers are having to work harder to lure us in by doing some research. These targeted phishing attacks are referred to as Spear Phishing, and humorously, if ...
New Vulnerabilities Tuesday 17 January
michele654
Vulnerabilities
Quarterly Patches for Oracle are out this afternoon. Pre-release notice is available. New Alerts for Mitsubishi Electric, IBM, and Linux. Mitsubishi Electric  An authorization bypass vulnerability exists in the WEB server function of the MELSEC iQ-F/iQ-R Series. An unauthenticated remote attacker may be able to access the WEB server function b...
New Vulnerabilities Monday 16 January
michele654
Vulnerabilities
New Alerts for Xerox, Google ChromeOS, and Linux. Xerox  Xerox has updated Xerox WorkCentre models to correct vulnerabilities including insecure password encryption, show embedded system accounts, and remove the ability to disable functionality.More info. Google  Google has published a security update for ChromeOS / ChromeOS Flex.More inf...
New Vulnerabilities Friday 13 January
michele654
Vulnerabilities
New Alerts for Sewio, InHand Networks, SAUTER, Microsoft Edge, IBM, NetApp, and Linux. Sewio  RTLS Studio contains multiple vulnerabilities, including Use of Hard-coded Password, OS Command Injection, Out-of-bounds Write, Cross-Site Request Forgery, Improper Input Validation, and Cross-site Scripting. Highest CVSSv3 score of 10.More info. InHa...
New Vulnerabilities Thursday 12 January
michele654
Vulnerabilities
Quarterly Patches are out for Juniper Networks. New Alerts for Cisco, WAGO, IBM, Zyxel, and Linux. Cisco  Cisco has published 11 new bulletins, 1 Critical, 3 High, and the rest Medium. Highest CVSSv3 score of 9.0More info.Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Rout...
New Vulnerabilities Wednesday 11 January
michele654
Vulnerabilities
New Alerts for Google Chrome, Moxa, Westermo, MAHO-PBX, NetApp, Western Digital, Black Box, and Linux. Google  Google has updated Chrome for Desktop to fix 17 security vulnerabilities.More info.Microsoft is aware. More info. Moxa  TN-4900 Series contains a Use of Hard-coded Credentials vulnerability that allows an attacker to gain privile...
New Vulnerabilities Tuesday 10 January
michele654
Vulnerabilities
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for IBM, BD, and Linux. UPDATED TO ADD: Monthly Patches for Microsoft and Adobe are out now. Palo Alto Networks Monthly Patches are expected tomorrow. Microsoft  Microsoft Monthly Patches include 98 vulnerabilities, 11 rated Critical (7 of which allow RCE), 1 pub...
New Vulnerabilities Monday 09 January
michele654
Vulnerabilities
New Alerts for IBM and Synology. IBM  Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Highest CVSSv3 score of 9.8More info. And here. Synology  A vulnerability allows remote attackers to possibl6 execute arbitrary commands via a susceptible version of Synology VPN Plus Server. CVSSv3 score of 10M...

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.