The US government Cybersecurity and Infrastructure Security Agency (CISA) as regular readers of my work will know, is one of my trusted, go to places for information on cyber security vulnerabilities. There is an advisory for multiple Cisco products and three additions to the Known Exploited Vulnerabilities database for Progress …
Exploited Vulnerabilities
The US government Cybersecurity and Infrastructure Security Agency (CISA) has added a number of products to its Known Exploited Vulnerabilities Catalog, including products from Microsoft, Red Hat, Arm and Google. Known Exploited Vulnerabilities Catalog | CISA Our penetration testing suite and this database is probably one of my most visited …
CISA Catch-up
It has been one of those weeks, so let’s catch up with the cyber security advisories from one of my trusted sources, The US government Cybersecurity and Infrastructure Security Agency (CISA). There are alerts for Apple, Cisco and Mozilla products. Cisco Releases Security Advisories for Multiple Products | CISA Apple …
Apple and Google are plugging the same zero-day flaw
Research has now revealed that the cause of the recent Apple and Google zero-day patches was the same software library used by both software giants. Libwebp, a library found in millions of apps, was the source of the vulnerability. Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day …
Continue reading “Apple and Google are plugging the same zero-day flaw”
Writing software is hard
Writing code for today’s sophisticated software is hard and no matter how careful the vendors are, how many beta and alpha testers they have, errors will always slip through. If those errors compromise the user’s security, you can bet a threat actor will discover them and exploit them. It is …
