security update Archives - Help Net Security

security update

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)

February 1, 2023

Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which …

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)

January 31, 2023

QNAP Systems has fixed a critical vulnerability (CVE-2022-27596) affecting QNAP network-attached storage (NAS) devices, which could be exploited by remote attackers to inject …

Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records

January 30, 2023

Critical vulnerabilities discovered in OpenEMR can be chained to gain code execution on a server running a vulnerable version of the popular open-source electronic health …

Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)

January 25, 2023

VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its …

Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)

January 24, 2023

Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component …

Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)

January 19, 2023

A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest …

Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

January 18, 2023

Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and …

Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

January 10, 2023

To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one …

January 2023 Patch Tuesday forecast: Procrastinate at your own risk

January 6, 2023

The start of a new year means it’s time to start working towards achieving your annual resolutions. Based on the headlines from the December news media, perhaps the most …

Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)

December 13, 2022

It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by …

Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)

December 13, 2022

A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet …

Google Chrome zero-day exploited in the wild (CVE-2022-4262)

December 6, 2022

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the …

security update

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)

Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records

Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)

Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)

Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)

Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

January 2023 Patch Tuesday forecast: Procrastinate at your own risk

Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)

Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)

Google Chrome zero-day exploited in the wild (CVE-2022-4262)

Don't miss

The emergence of trinity attacks on APIs

Hybrid cloud storage security challenges

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)

Video walkthrough: Cybertech Tel Aviv 2023

Photos: Cybertech Tel Aviv 2023