Frank Crast, Author at Securezoo

Adobe security updates for multiple products (17 Critical vulnerabilities fixed)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 13, 2022 / Acrobat and Reader, Adobe, Adobe Acrobat, Adobe Commerce, Cold Fusion, Magento

Adobe has released security updates that address multiple vulnerabilities in Adobe Dimension, Adobe Cold Fusion, Adobe Acrobat and Reader, and Adobe Commerce and Magneto Open Source.

Adobe security updates for multiple products (17 Critical vulnerabilities fixed) Read More »

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 12, 2022 / Active Directory, Azure, CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-34689, CVE-2022-37968, CVE-2022-37976, CVE-2022-37979, CVE-2022-38000, CVE-2022-38047, CVE-2022-38048, CVE-2022-41033, CVE-2022-41034, CVE-2022-41038, CVE-2022-41081, EoP, Hyper-V, Kubernetes, Office, Point-to-Point, PPT, RCE, SharePoint, Vulnerabilities

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days) Read More »

Intel reports leak of Alder Lake BIOS source code

Application Security, Data Breach, Source Code Security / Frank Crast / October 10, 2022 / Alder Lake, BIOS, Intel, Intel Core, Source Code, Vulnerabilities

Chipmaker Intel has confirmed a leak of its Alder Lake BIOS source code, as revealed on 4chan and GitHub. However, the hacker’s origin (or root cause) remains unknown.

Intel reports leak of Alder Lake BIOS source code Read More »

Apple releases security update for iOS 16.0.3

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 10, 2022 / Apple, CVE-2022-22658, iOS, iOS1603, iPhone

Apple has released a security update for Apple iOS 16.0.3 with a fix for a Mail vulnerability CVE-2022-22658. A remote attacker could exploit some of these vulnerabilities to take control of unpatched device.

Apple releases security update for iOS 16.0.3 Read More »

Android Security Bulletin for October 2022

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 10, 2022 / Android, CVE-2022-20419, mobile, Vulnerabilities

Google has released its Android Security Bulletin for October 2022 with details of security vulnerabilities affecting Android devices.

Android Security Bulletin for October 2022 Read More »

Top CVEs targeted by PRC state-sponsored cyber actors

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / October 8, 2022 / Apache, BIG-IP, CVE-2019-11510, CVE-2019-19781, CVE-2020-5902, CVE-2021-1497, CVE-2021-20090, CVE-2021-22005, CVE-2021-22205, CVE-2021-26084, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-36260, CVE-2021-40539, CVE-2021-41773, CVE-2021-42237, CVE-2021-44228, CVE-2022-1388, CVE-2022-24112, CVE-2022-26134, Exchange, log4Shell, ProxyLogon

The FBI, NSA and CISA coauthored a joint Cybersecurity Advisory detailing how People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit common, publicly known vulnerabilities used since 2020 to “actively target U.S. and allied networks.”

Top CVEs targeted by PRC state-sponsored cyber actors Read More »

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks Read More »

Google releases Chrome 106 security update with fixes for 2 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 3, 2022 / Chrome, Chrome 106, CVE-2022-3370, CVE-2022-3373, Google, iOS

Google has released Chrome 106 (106.0.5249.91) for Windows, Mac and Linux, with fixes for three vulnerabilities (two rated High severity).

Google releases Chrome 106 security update with fixes for 2 High severity vulnerabilities Read More »

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 1, 2022 / Atlassian, CVE-2022-36804, CVE-2022-41040, CVE-2022-41082, Exchange, Microsoft

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

Drupal patches Critical Twig third-party library vulnerability (CVE-2022-39261)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 1, 2022 / CVE-2022-39261, Drupal, Twig

Drupal has patched a Critical Twig third-party library vulnerability (CVE-2022-39261) that affect multiple versions of Drupal Core.

Drupal patches Critical Twig third-party library vulnerability (CVE-2022-39261) Read More »