CVE-2022-3786 and CVE-2022-3602: OpenSSL Patches Two High Severity Vulnerabilities
November 1, 2022OpenSSL has patched two vulnerabilities, pivoting from its earlier announcement, in version 3.0.7.
CVE-2021-39144: VMware Patches Critical Cloud Foundation Vulnerability in XStream Open Source Library
October 26, 2022VMware issues patches for end-of-life versions of Cloud Foundation Network Security Virtualization for vSphere (NSX-V) to address a critical vulnerability in an open source library. Background ...
Oracle October 2022 Critical Patch Update Addresses 179 CVEs
October 19, 2022Oracle addresses 179 CVEs in its fourth and final quarterly update of 2022 with 370 patches, including 56 critical updates.
Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
October 11, 2022Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws.
Top 20 CVEs Exploited by People's Republic of China State-Sponsored Actors (AA22-279A)
October 7, 2022CISA, the NSA and FBI issue a joint advisory detailing the top 20 vulnerabilities exploited by state-sponsored threat actors linked to the People’s Republic of China.
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
October 7, 2022Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
September 30, 2022Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.
AA22-257A: Cybersecurity Agencies Issue Joint Advisory on Iranian Islamic Revolutionary Guard Corps-Affiliated Attacks
September 15, 2022Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks.
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
September 14, 2022Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.
Microsoft’s September 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-37969)
September 13, 2022Microsoft addresses 62 CVEs in its September 2022 Patch Tuesday release, including five critical flaws.
Ransomware Preparedness: Why Organizations Should Plan for Ransomware Attacks Like Disasters
August 16, 2022As ransomware has cemented itself as one of the biggest cybersecurity threats to companies around the globe, it has become increasingly important that organizations treat ransomware attacks like they would a natural disaster and establish a robust preparedness plan.
Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)
August 9, 2022Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws.