![Apple iPad Pro 9.7" 32GB , Silver (Wi-Fi Only) [A1673] Bundle – Updates to IOS 16 for $199](https://i0.wp.com/www.ihash.eu/wp-content/uploads/2023/03/Apple-iPad-Pro-97quot-32GB-Silver-Wi-Fi-Only-A1673.jpg?resize=630%2C420&ssl=1)
Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it … [Read more...] about Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
Vulnerabilities
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a … [Read more...] about OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The … [Read more...] about Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Threat Trends: Vulnerabilities – Cisco Blogs
Explore the nature of vulnerabilities in this episode of ThreatWise TV. It’s shaping up to be another big year for vulnerability disclosure. Already the number of Common Vulnerabilities and Exposures (CVEs) disclosed has crossed 18,000 and it’s on track to make this another record-breaking year. With new CVEs being disclosed daily, it has become increasingly difficult for … [Read more...] about Threat Trends: Vulnerabilities – Cisco Blogs
Microsoft patches 64 vulnerabilities, one being exploited
Microsoft’s vulnerability hunters have presented a fresh catch: 64 vulnerabilities in its various products and services — five of which are critical. Two vulnerabilities were publicly disclosed before the patch was released (which technically makes them zero-days), and one is being actively exploited by attackers. As usual, we recommend installing updates with no delay. In the … [Read more...] about Microsoft patches 64 vulnerabilities, one being exploited
New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps
Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security … [Read more...] about New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to … [Read more...] about ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used … [Read more...] about New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
128 vulnerabilities in Microsoft products
In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a good idea update the operating system and other products as soon … [Read more...] about 128 vulnerabilities in Microsoft products
Microsoft patches about 100 vulnerabilities, 9 of them critical
Microsoft started the year with a massive vulnerability fix, releasing not only its regular first-Tuesday update, which this time covers a total of 96 vulnerabilities, but also issuing a bunch of fixes for the Microsoft Edge browser (mainly related to the Chromium engine). That makes more than 120 vulnerabilities patched since the beginning of the year. This is a clear reason … [Read more...] about Microsoft patches about 100 vulnerabilities, 9 of them critical