Microsoft July 2023 Patch Tuesday Round Up
On July 11th 2023, Microsoft released their July Patch Tuesday and revealed 130 new CVEs; 5 of them are classified as “Exploitation Detected” by Microsoft and 4 of them were added to the CISA KEV Catalog. The vulnerabilities affect popular platforms such as Windows SmartScreen, Microsoft Office, Microsoft Office Outlook, Windows ...
Widespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk
MOVEit CVE-2023-34362 is a Critical SQL Injection vulnerability rated 9.8. It affects all versions of Progress Software’s managed file transfer (MFT) solution, MOVEit Transfer. This vulnerability has the potential to grant unauthorized access. For in-depth information about the vulnerability, including mitigation measures, incident response, and the attack surface, refer to our ...
What You Need to Know About StackRot – CVE-2023-3269
StackRot, identified as CVE-2023-3269, is a 7.8 HIGH use-after-free vulnerability in the Linux kernel versions 6.1 to 6.4 that can lead to privilege escalation. The vulnerability, which was disclosed by Ruihan Li who also released detailed information about it, is caused by a change in the VMA (Virtual Memory Address) ...
Microsoft June “Patch Tuesday” Addresses 73 Vulnerabilities
On June 13th, Microsoft released their June 2023 Patch Tuesday Security Updates and revealed 73 CVEs and 22 other non-Microsoft CVEs, one of which is known to be exploited in the wild. The vulnerabilities affect popular platforms such as .Net and Visual Studio, Office SharePoint, Office Excel, Windows GPM, Microsoft ...
The Conflict Between Operational Risk and Security Risk
Let’s talk about operational risk and security risk. In the dynamic world of software development, a persistent tension exists between developers and security professionals when it comes to managing operational risk and security risk. Developers prioritize avoiding code disruptions, leading them to implement measures like version locking and reluctance to ...
Critical PaperCut Vulnerability CVE-2023-27350 Exploited by Threat Actors
In this blog post, we detail PaperCut Vulnerability CVE-2023-27350. On March 8th, PaperCut released new versions that contained security updates and addressed two recently discovered CVEs – CVE-2023-27351 and CVE-2023-27350. Today, we will focus on CVE-2023-27350, which was reported by the Zero Day Initiative (ZDI-23-233). This vulnerability is a critical ...
Patch Tuesday May 2023: Microsoft Addresses 49 Vulnerabilities
On May 9th 2023, Microsoft released their May Patch Tuesday and revealed 38 vulnerability fixes, 11 vulnerability fixes published on May 5th (9 of them in Microsoft Edge (Chromium-based, non-Microsoft CVEs)) and 14 updates to old CVEs. The vulnerabilities affect popular platforms such as Microsoft Edge, ...
Apache Superset RCE Vulnerability CVE-2023-27524 Highlights Ongoing Issues with Flask AppBuilder, Joining List of Previously Discovered CVEs
On Apr 24, 2023, Naveen Sunkavally, Chief Architect at Horizon3.ai, announced the discovery of a new vulnerability, CVE-2023-27524, in Apache Superset and wrote comprehensively about the whole process. The vulnerability was caused by an insecure default configuration in the application. This is not the first time this type of vulnerability ...
April 2023 Patch Tuesday: 114 Vulnerability Fixes Released, Including One Actively Exploited in the Wild
On April 11th, 2023, Microsoft released their April Patch Tuesday roundup, which includes 114 new vulnerability fixes and 4 updates for existing CVEs. Of these fixes, 17 were published on April 6th and 97 were published on April 11th. One of the vulnerabilities has already been exploited in the wild. ...
ChatGPT Vulnerability: Redis Vulnerability Exposes User Payment Data
OpenAI’s ChatGPT was forced to halt service for a few hours earlier this week in order to fix an issue in an open-source library. The vulnerability may have exposed some users’ payment data. The company published a blog post on March 24, 2023, explaining what led to the data breach ...