
CND News and Blog

New Vulnerabilities Friday 07 April

New Alerts for Trellix, ICL (Exploit), Microsoft, IBM, and Open vSwitch. Trellix: ePolicy Orchestrator (ePO) contains a vulnerability in APR-util that allows an attacker to write beyond the bounds of a buffer. CVSSv3 score of 9.8. More info. ICL (Exploit): On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices, remote attackers can overwrite, delet...


New Vulnerabilities Thursday 06 April

Monthly Patches are out for MediaTek. New Alerts for Cisco, NetApp, WithSecure, Mitel, and Linux. Cisco: Cisco has published 13 new bulletins. 3 rated High, 9 rated Medium, 1 Informational. Highest CVSSv3 score of 8.8. More info. A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow a re...


New Vulnerabilities Wednesday 05 April

New Alerts for Sophos, Google Chrome, Dell, and Nexx. Sophos: Sophos Web Appliance has been updated to fix 3 vulnerabilities, one of them rated Critical and allowing a remote attacker to obtain RCE. Highest CVSSv3 score of 9.8. More info. Google: Google has published an update for Chrome for Desktop with 16 security fixes included. More inf...


New Vulnerabilities Tuesday 04 April

Monthly Patches are out for Google Android, Google Automotive, and Samsung Mobile. New Alerts for Samsung Semiconductor, HP, WithSecure, Ivanti Apache, and Linux. Google: Android Monthly Patches are out, with 30 patched vulnerabilities with 2 rated Critical, plus Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm updates. More info. A...


New Vulnerabilities Monday 03 April

Monthly Patches are out for Qualcomm. New Alerts for ABB, IBM, and Linux. ABB: A vulnerability regarding the exposure of sensitive information over the Flow-X web API has been reported. A remote attacker could exploit this vulnerability to obtain an overview of the usernames which can log in to the device and device information. CVSSv3 score of 5.3...


New Vulnerabilities Friday 31 March

New Alerts for Contec, Apple, IBM, NetApp, and Linux. Contec: Contec has identified several vulnerabilities in its CONPROSYS HMI System (CHS) Web HMI/SCADA software. These vulnerabilities could be exploited by a remote attacker to steal information. CVSSv3 score of 7.5. More info. Apple: Apple has published an update for Xcode that fixes tw...


New Vulnerabilities Thursday 30 March

New Alerts for Samba, QNAP, Veritas, 3CX (Exploit), and Linux. Samba: Samba has published 3 new bulletins, highest CVSSv3 score of 7.7. More info. Samba will send password information over unencrypted sessions. CVSSv3 score of 5.9. More info. QNAP: QNAP is updating their products for the Samba vulnerabilities. More info. Veritas: Veritas h...


New Vulnerabilities Wednesday 29 March

New Alerts for PowerDNS, Mozilla Thunderbird, Tenable, and Linux. PowerDNS: When the recursor detects and deters a spoofing attempt or receives certain malformed DNS packets, it throttles the server that was the target of the impersonation attempt. Unfortunately, this mechanism can be used by an attacker with the ability to send queries to the ...


New Vulnerabilities Tuesday 28 March

New Alerts for Apple (Exploit), APsystems, Hitachi Energy, Dell, and Linux. Apple (Exploit): Apple has published updates for Studio Display firmware, Safari, iOS, iPadOS, watchOS, tvOS, and macOS. Three vulnerabilities are rated Critical, with one in WebKit being exploited. More info. APsystems: There is a security vulnerability in Altenergy Power...


New Vulnerabilities Monday 27 March

New Alerts for BD, Microsoft Edge, Microsoft "Acropalypse", IBM, NetApp, and Linux. BD: BD has published updates for vulnerabilities in third-party software included in Synapsys and BD MAX. More info. Microsoft: Microsoft has updated Edge with the latest Chromium security fixes. More info. Microsoft has patched the "Acropalypse" bug in their...


New Vulnerabilities Friday 24 March

New Alerts for ManageEngine, ProPump & Controls, SAUTER, IBM, Xerox, Tenable, and Linux. ManageEngine: ManageEngine ADSelfService Plus pertains to an OTP brute-force issue in the Password Sync Agent that could affect integrated third-party applications. Attackers could exploit this vulnerability using specialized, highly sophisticated mach...


New Vulnerabilities Thursday 23 March

New Alerts for Microsoft (0-Day, Acropalypse), Cisco, Varta Storage, Meinberg, OpenSSL, and Philips. Microsoft (0-Day): The vulnerability dubbed "Acropalypse", originally identified and fixed in Pixel, has now cropped up (see what we did there) in Windows 11's Snipping Tool and Windows 10's Snip & Sketch tool. When editing a saved screenshot a...


New Vulnerabilities Wednesday 22 March

New Alerts for Rockwell Automation, Delta Electronics, Google Chrome, Dell, Apache Tomcat, Veritas, and Linux. Rockwell Automation: Vulnerabilities were discovered in the ThinManager ThinServer software. Successful exploitation of this vulnerability could allow an attacker to potentially perform remote code execution on the target or crash the...


New Vulnerabilities Tuesday 21 March

New Alerts for IBM and Linux. IBM: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities. Highest CVSSv3 score of 9.9. More info. Linux: Red Hat has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mo...


New Vulnerabilities Monday 20 March

New Alerts for Unify, Google Pixel (Exploit), D-Link, curl, and Linux. Unify: Three command injection vulnerabilities have been identified in the Atos Unify OpenScape 4000 Platform and the Atos Unify OpenScape 4000 Manager Platform. A remote attacker can run arbitrary commands on the platform operating system and get administrative access to t...


New Vulnerabilities Friday 17 March

New Alerts for Honeywell, Samsung (0-Day), IBM, NetApp, BD, and Linux. Honeywell: Honeywell OneWireless Wireless Device Manager contains several vulnerabilities, including Command Injection, Use of Insufficiently Random Values, and Missing Authentication for Critical Function. Highest CVSSv3 score of 9.8. More info. Samsung (0-Day): Eighteen 0-day ...


New Vulnerabilities Thursday 16 March

New Alerts for Rockwell Automation, IBM, NETGEAR, Mozilla Thunderbird, and Linux. Rockwell Automation: Modbus TCP Server Add-On Instructions (AOI) for ControlLogix and CompactLogix controllers contain a vulnerability that would allow a remote attacker to gain information when the Modbus TCP Server AOI accepts a malformed request. CVSSv3 score...


New Vulnerabilities Wednesday 15 March

Monthly Patches are out for Microsoft and Adobe. New Alerts for AVEVA, Moxa, Aruba, and Mozilla. Palo Alto Networks patches are expected this afternoon. Microsoft (Exploit): Microsoft Monthly Patches include 76 vulnerabilities, 9 rated Critical and 2 are being Exploited. Highest CVSSv3 score of 9.8. More info. And here. There is an RCE affecting ...


New Vulnerabilities Tuesday 14 March

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Microsoft Edge, Phoenix Contact, and Omron. Monthly Patches for Microsoft and Adobe should be out this afternoon. Palo Alto Networks Monthly Patches are due tomorrow. Siemens: Siemens Monthly Patches are out, with 7 new bulletins a...


New Vulnerabilities Monday 13 March

Updates for Dell and Linux. Tomorrow is Patch Tuesday. Dell: Dell VxRail remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical. More info. Linux: Red Hat has updated kpatch. More info. Mageia has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar ...

