Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify … [Read more...] about 3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies
Vulnerabilities
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows … [Read more...] about High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it … [Read more...] about Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a … [Read more...] about OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The … [Read more...] about Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Threat Trends: Vulnerabilities – Cisco Blogs
Explore the nature of vulnerabilities in this episode of ThreatWise TV. It’s shaping up to be another big year for vulnerability disclosure. Already the number of Common Vulnerabilities and Exposures (CVEs) disclosed has crossed 18,000 and it’s on track to make this another record-breaking year. With new CVEs being disclosed daily, it has become increasingly difficult for … [Read more...] about Threat Trends: Vulnerabilities – Cisco Blogs
Microsoft patches 64 vulnerabilities, one being exploited
Microsoft’s vulnerability hunters have presented a fresh catch: 64 vulnerabilities in its various products and services — five of which are critical. Two vulnerabilities were publicly disclosed before the patch was released (which technically makes them zero-days), and one is being actively exploited by attackers. As usual, we recommend installing updates with no delay. In the … [Read more...] about Microsoft patches 64 vulnerabilities, one being exploited
New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps
Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security … [Read more...] about New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to … [Read more...] about ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used … [Read more...] about New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops