CND News and Blog

New Alerts for Phoenix Contact, Mitsubishi Electric, Moxa, Google ChromeOS, and Linux. Phoenix Contact  A denial of service of the HTTPS management interface of FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections, incoming from different source IPs. CVSSv3 score of 7.5More info. And here. Mi...

New Alerts for IBM and Linux. A welcome quiet after a busy couple of weeks. IBM  A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8More info. Linux  Alpine Linux has released version 3.16.3. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry....

New Alerts for Omron, Moxa, Belden, Microsoft Edge, Dell, NetApp, and Linux. Omron  An Active Debug Code vulnerability exists in the NJ/NX-series Machine Automation Controllers. A remote attacker can illegally access the controllers and use the vulnerability to cause a DoS or RCE. CVSSv3 score of 8.3More info. And here.Use of Hard-coded Creden...

New Alerts for Apple, IBM, Cisco, Hitachi, Tenable, and Linux. Apple  Apple has published updates for iOS, iPadOS, and macOS Ventura that fixes vulnerabilities in libxml2.More info. And here. And here. IBM  IBM QRadar Network Packet Capture, IBM QRadar Assistant app for IBM QRadar SIEM, IBM Cloud Pak for Security, includes components with...

Monthly Patches are out for Microsoft. New Alerts for Intel, Citrix, VMware, Google Chrome, Veeam, Brocade, and Linux.        Adobe had no Monthly Patches this cycle.     Palo Alto Network Monthly Patches should be out this afternoon. Microsoft Exploit Monthly Patches are out, with 68 vulnerabilitie...

Monthly Patches are out for Siemens, Schneider Electric, Qualcomm, Google Android, Google Pixel, Samsung, and SAP. New Alerts for NETGEAR and Linux.       This afternoon Microsoft and Adobe Monthly Patches should be out.  Tomorrow is Palo Alto Networks. Schneider Electric  Monthly Patches are out, with 1 new bulletin a...

Monthly Product Security Bulletin is out for Mediatek. New Alerts for Wiesemann & Theis, NetApp, and NETGEAR.   Because last week's Tuesday was the 1st, and Qualcomm publishes their monthly bulletin on the first Monday, Tomorrow is Monthly Patch Day for 8 vendors, including Qualcomm, Google Android, Samsung, Microsoft, Adobe, SAP, Siemens,...

New Alerts for ETIC Telecom, Tenable, IBM, Dell, VMware, and Linux. ETIC Telecom  ETIC Telecom Remote Access Server contains several vulnerabilities, including Insufficient Verification of Data Authenticity, Path Traversal, and Unrestricted Upload of File with Dangerous Type. Successful exploitation of these vulnerabilities could allow an atta...

Quarterly Patches are out for Splunk. New Alerts for Cisco, CODESYS, SICK, IBM, PHP, and HCL Software. Cisco  Cisco has published 11 new bulletins, 4 rated High and 7 rated Medium. Highest CVSSv3 score of 8.8More info. A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attac...

Monthly Patches are out for Fortinet. New Alerts for OpenSSL, Dell, Google LTS ChromeOS, and Linux.      Splunk Quarterly Patches were pushed to today. OpenSSL  OpenSSL released version 3.0.7, which patches two related vulnerabilities rated as High. Although originally rated Critical, it was determined the complexity to exploit ...

New Alerts for Microsoft Edge (Exploit), Hitachi, ClamAV, VMware, Apache, Kaspersky, and Linux. Microsoft  Microsoft has updated Edge to include the latest chromium fix for an actively exploited vulnerability.More info. Hitachi  Hitachi has updated NetBackup in JP1/VERITAS. More info. ClamAV  ClamAV has updated to fix 3 vulnerabiliti...

New Alerts for IBM, Dell, NetApp, and PHP. Tomorrow will see the release of the Critical OpenSSL 3.x update.  This affects so many products, watch for everyone to be updating for OpenSSL, while it begins to be exploited once details are released.  See the link below.Splunk Quarterly Patches are expected tomorrow as well. IBM  Multipl...

New Alerts for Trihedral, Rockwell Automation, Google Chrome (Exploit), Microsoft Edge, Apple iOS (Exploit), Dell, and IBM. Trihedral  Trihedral VTScada contains an Improper Input Validation vulnerability that allows a remote attacker to cause a DoS. CVSSv3 score of 7.5.More info. Rockwell Automation  A vulnerability in FactoryTalk Alarms...

New Alerts for Dell, HP, Wireshark, Nessus, and Linux. Dell  Dell PowerStore Family remediation is available for multiple security vulnerabilities that could be exploited by remote attackers to compromise the affected system. Dell rates this Critical.More info. HP  Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Do...

New Alerts for Google Chrome, VMware, IBM, Johnson Controls, Aruba, SICK, Haas Automation, Delta Electronics, HEIDENHAIN, curl, and Linux. GoogleGoogle has updated Chrome for Desktop with fixes for 14 security vulerabilities.More info. VMware  VMware Cloud Foundation has been updated to correct multiple vulnerabilities, including an RCE in XSt...

New Alerts for Apple (Exploit), InHand Networks, IBM, Hitachi, and Linux. Apple Exploit Apple has patched Safari, iOS and iPadOS, MacOS, tvOS, and watchOS. There are 106 vulnerabilities. At least one has been actively exploited.More info. And here. InHand Networks  InHand Networks has confirmed vulnerabilities impacting Industrial Router IR302...

New Alerts for IBM and Linux. IBM  Security vulnerabilities in Ruby on Rails and node.js yup affect IBM Cloud Pak for Multicloud Management Infrastructure Management. CVSSv3 score of 9.8More info. And here. Linux  SUSE has updated the kernel. More info.OpenSUSE has updated the kernel. More info.Oracle Linux has updated the kernel. More in...

New Alerts for Siemens, BD, NetApp, and Linux. Siemens  The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account. CVSSv3 score of 9.4More info. BD  BD has published third-party software upda...

New Alerts for Meinberg, Synology, WithSecure, and Linux. Meinberg  LANTIME Firmware contains two vulnerabilities, one rated Critical and one rated High. Highest CVSSv3 score of 9.8More info. Synology  Multiple vulnerabilities allow remote attackers to obtain sensitive information or execute arbitrary commands via a susceptible version of...

Quarterly Patches for F5 are out. New Alerts for BD, Adobe, Advantech, Mozilla, Bosch, IBM, and Linux. F5  F5 Quarterly Patches are out, with 12 patches rated High, 5 rated Medium, 1 rated Low, and 1 listed as a Security Exposure. Highest CVSSv3 score of 9.1More info. BD  BD Keistra products have been updated with Microsoft and third-part...