CVE-2022-42843

CVE-2022-42843 is an information-disclosure vulnerability fixed in Apple OS updates. According to the provided documents, applying updates to iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2 mitigates the issue, which allowed a user to view sensitive user information. The ...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers, such as Modicon M340 and Modicon Quantum/Premium, arises from insufficient protection of operational data. This allows attackers to gain unauthorized access to protected information.

The vulnerability of microprogrammed software in Schneider Electric Modicon M340 and Modicon Quantum/Premium programmable logic controllers is related to insufficient protection of operational data. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to...

4 things to look for in a multicloud data protection solution

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and edge clouds—to distribute applications and services...

4 things to look for in a multicloud data protection solution

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and edge clouds—to distribute applications and services...

December 13, 2022—KB5021234 (OS Build 22000.1335)

December 13, 2022—KB5021234 OS Build 22000.1335 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...

December 13, 2022—KB5021255 (OS Build 22621.963)

December 13, 2022—KB5021255 OS Build 22621.963 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...

PT-2022-5882 · Microsoft · Windows Bluetooth Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Bluetooth Driver affected versions not specified Description: The issue is related to insufficient protection of system data in the Windows Bluetooth Driver, which can allow an attacker to gain unauthorized access to protected...

PT-2022-26621 · Apple · Macos Ventura +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.2 iPadOS versions prior to 16.2 macOS Ventura versions prior to 13.1 tvOS versions prior to 16.2 watchOS versions prior to 9.2 Description: This issue allows a user to potentially view sensitive user information due t...

About the security content of macOS Ventura 13.1

About the security content of macOS Ventura 13.1 This document describes the security content of macOS Ventura 13.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

About the security content of tvOS 16.2

About the security content of tvOS 16.2 This document describes the security content of tvOS 16.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Apple Is Finally Encrypting iCloud Backups

After way too many years, Apple is finally encrypting iCloud backups: Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos,...

CVE-2022-43515 X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

The vulnerability of the endpoint protection module of the Anti-Ransomware analysis tool for network traffic, network detection, and response of the Cortex XDR Agent on Windows operating systems allows attackers to gain unauthorized access to protected information.

The vulnerability of the endpoint protection module of the Anti-Ransomware analysis tool for network traffic, network detection, and response of the Cortex XDR Agent on Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow...

CVE-2022-29839

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Clou...

Apple announces 3 new security features

Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023...

CVE-2022-29839 Remote Backups Application Discloses Stored Credentials

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Clou...

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted E2EE data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and...

The vulnerability of the Windows operating system’s Web Account Manager allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows operating system’s Web Account Manager is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2022-43515

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

PT-2022-6244 · Ami · Ami Megarac

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC affected versions not specified Description: The issue is related to insufficient protection of service data in the implementation of the application programming interface of the AMI MegaRAC firmware controllers for remote...