It's Mobile Monthly Patch day, with patches for Qualcomm, Google Android, Google Pixel, and Samsung. New Alert for Google ChromeOS LTS.  Qualcomm  Monthly Patches are out, with 23 bulletins, 4 rated Critical and 19 rated High. Highest CVSSv3 score of 9.8More info. Google  Android Monthly Patches are out with 23 vulnerabilities, all r...

Monthly Patches are out for MediaTek. New Alerts for GE Digital, IBM, and Dell.    Monthly Patches for Qualcomm are expected this afternoon, and tomorrow should bring Monthly Patches for Google Android, Samsung, and Quarterly Patches for Splunk. GE Digital  GE Digital Proficy Historian Software contains Authentication, Access Control...

New Alerts for Biacells, B&R, NetApp, and Microsoft Edge. Biacells  Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. CVSSv3 score of 9.8More info. And her...

New Alerts for Cisco, Atlassian Jira, Moxa, Mitsubishi Electric, Dell, Nagios, OpenSSH, F5, and IBM. Cisco  Cisco has published 5 new bulletins. Highest CVSSv3 score of 7.2More info.A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote...

New Alerts for HPE, VMware, and Cacti. HPE  HPE OneView contains a Use After Free vulnerability in Expat. CVSSv3 score of 9.8More info. VMware  vRealize Operations (vROps) contains a CSRF bypass vulnerability. CVSSv3 score of 6.5More info.Exploit code is out for the Jan 24 Critical bulletin.More info. Cacti  A command injection vulne...

New Alerts for Dell, Hitachi, Trend Micro, and Linux. Dell  Dell has updated PowerFlex Appliance and PowerFlex Rack to fix multiple vulnerabilities in third-party components. Dell rates these Critical.More info. And here. Updates are available for Dell Unity, Dell UnityVSA, and Dell Unity XT to correct multiple security vulnerabilities that ma...

New Alerts for IBM, QNAP, NetApp, and Linux. IBM  Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps. Highest CVSSv3 score of 9.8More info. QNAP  A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious c...

New Alerts for Rockwell Automation, Econolite, Microsoft PPTP, Microsoft Edge, IBM, and HCL Software. Rockwell Automation  Rockwell Automation is aware of multiple products that are affected by vulnerabilities in the GoAhead web server. Exploitation of these vulnerabilities could potentially have a high impact on the confidentiality, integrity...

New Alerts for ISC, Mitsubishi Electric, Tenable, and Linux.  ISC  ISC has published 4 new bulletins identifying DoS vulnerabilities in BIND 9. Highest CVSSv3 score of 7.5More info. Mitsubishi Electric  An authentication bypass vulnerability exists in the robot controller of industrial robot MELFA SD/SQ series and F-series. An attack...

New Alerts for VMware, Google Chrome, Apple, and Linux. VMware  Multiple vulnerabilities in VMware vRealize Log Insight could allow a remote attacker to collect sensitive information, achieve DoS, or perform RCE. Highest CVSSv3 score of 9.8More info. Google  Google has updated Chrome for Desktop to fix 6 security vulnerabilitiesm the most...

New Alerts for Crestron, Lexmark, Apple (Exploit), GE (Exploit), HCL Software, and Linux. Crestron  Crestron has patched the UC-engine product line for OpenSSL vulnerabilities. CVSSv3 score of 5.3More info. Lexmark  Lexmark has patched their printers to fix a vulnerability that allows an attacker to bypass protections on the device that p...

New Alerts for NetApp and Linux. NetApp  NetApp has published 9 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8 Only 1 bulletin includes patched software.More info. Linux  Mageia has updated the kernel and kernel firmware. More info. Security Wizardry Cyber Threat I...

New Alerts for TP-Link, Medtronic, BD, PowerDNS, Microsoft and Linux. TP-Link  TP-Link router WR710N-V1-151022 and Archer-C5-V2-160201 are susceptible to two vulnerabilities, including a buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a heap causing DoS or RCE, and a side-channel attac...

New Alerts for Cisco, WithSecure, Mitel, and Wireshark. Cisco  A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. CVSSv3 score of 4.7More info. WithSecure  A DoS vulnera...

New Alerts for GE Digital, IBM, D-Link, Mozilla, Git, and Apache. GE Digital  GE Digital Proficy Historian contains multiple vulnerabilities, including Authentication Bypass using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Weak Encoding for Password. Successful exploitation of th...

For several months we have been seeing a huge interest in the capabilities of ChatGPT and with a high school teacher in the family, we have looked a little deeper in detecting it's use. At Computer Network Defence Ltd (CND) we will often test the resourcefulness of our new cyber security candidates by asking them to research a topic and d...