LINK If you have an Apple device, time to schedule updates.
Category: Updates
QNAP Devices affected by Dirty Pipe Linux Flaw
LINK If you have QNAP devices… time to update.
Vulnerability Summary for the Week of March 7, 2022
LINK A new update from CISA
Critical Vulnerabilities Patched in Veeam Data Backup Solution
LINK Veeam over the weekend announced patches for two critical vulnerabilities impacting Backup & Replication, a backup solution for virtual environments. The application provides data backup and restore capabilities for virtual machines running on Hyper-V, vSphere, and Nutanix AHV, as well as for servers and workstations, and for cloud-based workloads. Tracked as CVE-2022-26500 and CVE-2022-26501 […]
Multiple Security Flaws Discovered in Popular Software Package Managers
LINK Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. Composer 1.x < 1.10.23 and 2.x < 2.1.9; Bundler < 2.2.33; Bower < 1.8.13; Poetry < 1.1.9; Yarn < 1.22.13 […]
High-Severity Vulnerabilities Patched in Omron PLC Programming Software
LINK Several high-severity vulnerabilities that can be exploited for remote code execution were patched recently in the CX-Programmer software of Japanese electronics giant Omron. An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8.
Aternity (Riverbed spinoff) releases numerous Emergency Updates
LINK Four bugs rated as critical have been patched.
Flaw in Linux Kernel Could Allow Code Execution
LINK A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic.
Spectre/Meltdown The Sequel – New Attacks bypassing mitigations
New/Updated CISA Conti Ransomware Details and IOCs