Microsoft July 2023 Patch Tuesday Round Up

On July 11th, 2023, Microsoft released their July Patch Tuesday and revealed 130 new CVEs; 5 of them are classified as “Exploitation Detected” by Microsoft and 4 of them were added to the CISA KEV Catalog. The vulnerabilities affect popular platforms such as Windows SmartScreen, Microsoft Office, Microsoft Office Outlook, Windows ... Read More

Widespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk

MOVEit CVE-2023-34362 is a Critical SQL Injection vulnerability rated 9.8. It affects all versions of Progress Software’s managed file transfer (MFT) solution, MOVEit Transfer. This vulnerability has the potential to grant unauthorized access. For in-depth information about the vulnerability, including mitigation measures, incident response, and the attack surface, refer to our ... Read More

What You Need to Know About StackRot – CVE-2023-3269

StackRot, identified as CVE-2023-3269, is a 7.8 HIGH use-after-free vulnerability in the Linux kernel versions 6.1 to 6.4 that can lead to privilege escalation. The vulnerability, which was disclosed by Ruihan Li who also released detailed information about it, is caused by a change in the VMA (Virtual Memory Address) ... Read More

Microsoft June “Patch Tuesday” Addresses 73 Vulnerabilities

On June 13th, Microsoft released their June 2023 Patch Tuesday Security Updates and revealed 73 CVEs and 22 other non-Microsoft CVEs, one of which is known to be exploited in the wild. The vulnerabilities affect popular platforms such as .NET and Visual Studio, Office SharePoint, Office Excel, Windows GPM, Microsoft ... Read More

The Conflict Between Operational Risk and Security Risk

Let’s talk about operational risk and security risk. In the dynamic world of software development, a persistent tension exists between developers and security professionals when it comes to managing operational risk and security risk. Developers prioritize avoiding code disruptions, leading them to implement measures like version locking and reluctance to ... Read More

Critical PaperCut Vulnerability CVE-2023-27350 Exploited by Threat Actors

In this blog post, we detail PaperCut Vulnerability CVE-2023-27350. On March 8th, PaperCut released new versions that contained security updates and addressed two recently discovered CVEs – CVE-2023-27351 and CVE-2023-27350. Today, we will focus on CVE-2023-27350, which was reported by the Zero Day Initiative (ZDI-23-233). This vulnerability is a critical ... Read More

Patch Tuesday May 2023: Microsoft Addresses 49 Vulnerabilities

On May 9th, 2023, Microsoft released their May Patch Tuesday and revealed 38 vulnerability fixes, 11 vulnerability fixes published on May 5th (9 of them in Microsoft Edge (Chromium-based, non-Microsoft CVEs)) and 14 updates to old CVEs. The vulnerabilities affect popular platforms such as Microsoft Edge, ... Read More

Apache Superset RCE Vulnerability CVE-2023-27524 Highlights Ongoing Issues with Flask AppBuilder, Joining List of Previously Discovered CVEs

On Apr 24, 2023, Naveen Sunkavally, Chief Architect at Horizon3.ai, announced the discovery of a new vulnerability, CVE-2023-27524, in Apache Superset and wrote comprehensively about the whole process. The vulnerability was caused by an insecure default configuration in the application. This is not the first time this type of vulnerability ... Read More

April 2023 Patch Tuesday: 114 Vulnerability Fixes Released, Including One Actively Exploited in the Wild

On April 11th, 2023, Microsoft released their April Patch Tuesday roundup, which includes 114 new vulnerability fixes and 4 updates for existing CVEs. Of these fixes, 17 were published on April 6th and 97 were published on April 11th. One of the vulnerabilities has already been exploited in the wild. ... Read More

ChatGPT Vulnerability: Redis Vulnerability Exposes User Payment Data

OpenAI’s ChatGPT was forced to halt service for a few hours earlier this week in order to fix an issue in an open-source library. The vulnerability may have exposed some users’ payment data. The company published a blog post on March 24, 2023, explaining what led to the data breach ... Read More