Microsoft Patch Tuesday, March 2023 Edition

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The...

Solaris 10 (x86) : 119784-50

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

Syxsense Platform: Unified Security and Endpoint Management

As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those...

A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report

Each year, the research team at Rapid7 analyzes thousands of vulnerabilities in order to identify their root causes, broaden understanding of attacker behavior, and provide actionable intelligence that guides security professionals at critical moments. Our annual Vulnerability Intelligence Report...

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 CVSS score: 9.8, the remote code execution flaw allows a complete takeover of the...

Chip company loses $250m after ransomware hits supply chain

Applied Materials, one of the worlds leading suppliers of equipment, services, and software for the manufacture of semiconductors, has warned that its second-quarter sales are likely to be hurt to the tune of $250 million due to a cybersecurity attack at one of its suppliers. MKS Instruments Inc...

Don’t forget about risk remediation of your macOS assets

Employees love for Macs has propelled tremendous growth for Apple. According to a recent study by Parallels, 55% of businesses use Mac devices themselves or explicitly approve of their use within the company. It is hard to believe Macs have been around for almost 4 decades. Largely introduced to...

macOS Patching Is Here!

In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt-in, bu...

How the CISA catalog of vulnerabilities can help your organization

The Cybersecurity and Infrastructure Security Agency CISA maintains a "known exploited vulnerabilities catalog" which can be useful if you need help prioritizing the patching of vulnerabilities. In essence it is a long list of vulnerabilities that are actually being used by criminals to do harm,...

Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge

Welcome to this weeks edition of the Threat Source newsletter. Talent retention and institutional knowledge go hand in hand. Both are critical to ensuring the security of your network environment. To that end, I want to talk briefly about why talent retention isnt just about money. So I am going ...

PT-2023-9230 · Vipre · Vipre Advanced Security

Name of the Vulnerable Software and Affected Versions: VIPRE Advanced Security affected versions not specified Description: The issue is related to the Patch Management Agent component of VIPRE Advanced Security, which incorrectly handles symbolic links before accessing a file. This allows an...

PT-2023-9229 · Unknown · Vipre Advanced Security

Name of the Vulnerable Software and Affected Versions: VIPRE Advanced Security affected versions not specified Description: The issue is related to the Patch Management Agent component of VIPRE Advanced Security, which is affected by an uncontrolled search path element vulnerability. This...

The Bug Report December 2022 Edition

The Bug Report — December 2022 Edition By Trellix · January 4, 2023 This story was also written by John Borrero Rodriguez Everyone gets it Why am I here? Ho Ho Ho! Welcome back to the Bug Report, or a more fitting name for this time of year: The NAUGHTY List! Yes, we checked it twice. It is no...

Implement Risk-Based Vulnerability Management with Qualys TruRisk™: Part 3

In this final blog of the series, we will discuss the importance of implementing effective risk-based remediation strategies to reduce the risk of vulnerabilities being exploited in your environment. In the earlier blogs, we covered how to operationalize Qualys TruRisk and to effectively visualiz...

A Guide to Efficient Patch Management with Action1

It's no secret that keeping software up to date is one of the key best practices in cybersecurity. Software vulnerabilities are being discovered almost weekly these days. The longer it takes IT teams to apply updates issued by developers to patch these security flaws, the more time attackers have...

Cyber Security Is Not a Losing Game – If You Start Right Now

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper...

The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend

Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug CVE-2022-4262; QID 377804 is a Type Confusion vulnerabili...

Drop What You're Doing and Update iOS, Android, and Windows

Plus: Major patches dropped this month for Chrome, Firefox, VMware, Cisco, Citrix, and SAP...

Don’t Spend Your Holiday Season Patching Chrome

As we come back from our Thanksgiving holidays, Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that exists in the wild. This is the eighth Chrome zero-day fixed this year by Google. This security bug CVE-2022-4135; QID...

QSC 2022: That’s a Wrap!

Over the years, the threat landscape has exploded, and bad actors have become increasingly sophisticated, making the demand for cloud security platforms - that save security teams time and increase efficiency - a must-have for every cyber arsenal. This was underscored last week at QSC 2022 Las...