Security Updates
09 March, 2023
New PoC for Recently Patched Microsoft Word Vulnerability
Overview On February 14th, 2023, Microsoft released a security advisory for Microsoft Word regarding a critical remote code execution (RCE) vulnerability. The vulnerability, CVE-2023-21716, was released as a critical severity…
01 March, 2023
Chatbot Scams – ChatGPT and New AI
Overview Chatbots are simulation applications that function as if you’re conversing with someone over the Internet. Many organizations use chatbots for customer support issues, and some chatbots are offered as…
17 February, 2023
Fortinet Patches for Vulnerabilities in FortiNAC, FortiWeb
Overview Throughout the past week, Fortinet released numerous security advisories regarding the availability of patches for product vulnerabilities. These patch releases address critical flaws affecting FortiNAC and FortiWeb products. Two…
15 February, 2023
Citrix Security Updates for Workspace Apps, Virtual Apps and Desktops
Overview Citrix has released security updates for new vulnerabilities within their Citrix Workspace Apps and Virtual Apps and Desktops. If applicable, address the vulnerabilities immediately. Doing so will prevent users…
10 February, 2023
DPRK Critical Infrastructure Ransomware Attacks
Overview The Cybersecurity Advisory (CSA) has collaborated on the #StopRansomware campaign which is responsible for publishing advisories for various ransomware threat actors worldwide. One major ransomware case that has come…
06 February, 2023
New Ransomware Campaign Targets Unpatched VMware ESXi Servers
Overview VMware released a security advisory on February 6th, 2023, about ongoing attacks against a vulnerability in ESXi's OpenSLP service. This new ransomware campaign targets public-facing ESXi servers worldwide. The…
01 February, 2023
Cisco Bug Opens Devices to Takeover
Overview Two new security vulnerabilities were discovered in Cisco products that are used throughout many organizations. Examples of these organization types include industrial factories, large enterprises, manufacturing centers, power grids,…
01 February, 2023
QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability
Overview QNAP Systems Inc. has brought attention to a new critical vulnerability (CVE-2022-27596) that allows remote attackers to inject malicious code on certain QNAP network-attached storage (NAS) devices. QNAP itself…
31 January, 2023
KeePass Disputes Vulnerability Allowing Stealthy Password Theft
Overview The open-source password management software KeePass has been linked to a newly found vulnerability, CVE-2023-24055. KeePass allows you to manage your passwords using a database that is locally stored…
25 January, 2023
CISA Releases Report for K-12 Schools to Help Address Evolving Cybersecurity Threats
Overview On January 24, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released a report called "Partnering to Safeguard K-12 Organizations from Cybersecurity Threats," for K-12 institutions to help…