LINK If you have an Apple device, time to schedule updates.
LINK If you have QNAP devices…time to update.
LINK A new update from CISA
LINK Veeam over the weekend announced patches for two critical vulnerabilities impacting Backup & Replication, a backup solution for virtual environments. The application provides data backup and restore capabilities for virtual machines running on Hyper-V, vSphere, and Nutanix AHV, as well as for servers and workstations, and for cloud-based workloads. Tracked as CVE-2022-26500 and CVE-2022-26501 […]
LINK Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. Composer 1.x < 1.10.23 and 2.x < 2.1.9; Bundler < 2.2.33; Bower < 1.8.13; Poetry < 1.1.9; Yarn < 1.22.13 […]
LINK Several high-severity vulnerabilities that can be exploited for remote code execution were patched recently in the CX-Programmer software of Japanese electronics giant Omron. An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8.
LINK Four bugs rated as critical have been patched.
LINK A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic.