Just one new vulnerability on the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog, for the F5 environment: CISA Adds One Known Exploited Vulnerability to Catalog | CISA
Patch Tuesday – May 2022
Here is SANS’ excellent round-up of Microsoft’s Patch Tuesday: Microsoft May 2022 Patch Tuesday – SANS Internet Storm Centre. There is the usual array of issues that Microsoft is fixing before they become an issue. One of the Windows patches fixes Windows LSA; this impacts the authentication of accounts …
Flaw discovered in third-party code libraries used by hundreds of vendors
Among the vendors using uClibc and the uClibc variant uClibc-ng are Linksys, Netgear, Axis and Gentoo, an embedded Linux distribution. This page from Ars Technica has links to the impacted devices: Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw | Ars Technica. Vendors were informed of …
If you have an Aruba or Avaya switch – then this post is for you
Critical vulnerabilities have been discovered in these devices. No exploits have been reported in the wild – but patches are available – so get patching. Critical flaws in ‘millions of Aruba, Avaya switches’ • The Register
Zero-Days are back in the news
Zero-Days will always be a problem, and both Google and Mandiant are reporting rises in such exploitations in 2021. I have reported on this before, but the point that comes out in Bruce Schneier’s piece is that the numbers these research groups are reporting are detected or declared Zero-Days. What …