Security Update for Chrome

chrome has a new security update according to CISA(Cybersecurity and Infrastructure Security Agency) post: Google has released Chrome version 103.0.5060.114 for Windows. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Official Google update: https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html This update includes 4 security fixes. Below, we highlight fixes that were contributed … Read more

Another Vulnerability in a Cloud Framework

Rapid7 has found a spring framework vulnerability called Spring4Shell   As usual a new vulnerability requires risk management to be reassessed.   https://nvd.nist.gov/vuln/detail/CVE-2022-22965  Leads to https://tanzu.vmware.com/security/cve-2022-22965 Which says the following information which is important. CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ Affected VMware Products and Versions Severity is critical unless otherwise noted. … Read more

APC UPS (Power Supplies) 3 Critical Vulnerabilities

Do you have an APC UPS(Uninterruptible Power Supply)? (Image above from Armis Research) I do not know which devices actually have these vulnerabilities, assuming Armis research is correct then it may be all devices that connect to the cloud. Armis Research found some vulnerabilities: Armis has discovered a set of three critical vulnerabilities in APC … Read more

Hackers Are Ruthless: Attack Red Cross Red Crescent 500k stolen Info

From Brian Krebs’ KrebsonSecurity  website: On Jan. 19, the ICRC disclosed the compromise of servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement. The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people … Read more

Log4J has been fixed by Apache Software foundation

Due to an actively exploited zero-day vulnerability: https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html This bug is a 10 of 10 on the CVSS rating from the article a snippet: Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects … Read more