Palo Alto Networks: Network Security Trends report highlights common RCE vulnerability exploits against web apps

Palo Alto Networks Unit 42 researchers released a new report “Network Security Trends” that highlights how attackers are exploiting remote code execution (RCE), cross-site scripting (XSS), traversal and information disclosure vulnerabilities in multiple vendor products.

hacking, security, cyber-4038037.jpg

Cisco issues Critical security updates for Spring Framework vulnerability

Cisco has issued an updated Critical security advisory for a Spring Framework vulnerability CVE-2022-22965 that affects multiple Cisco products. The networking giant also released a security update for a Critical LAN wireless controller vulnerability.

security, alarm, monitor-5043368.jpg

CISA adds Critical VMware Workspace ONE Access and Identity Manager vulnerability to Catalog of exploited vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical VMware Workspace ONE Access and Identity Manager vulnerability to its Known Exploited Vulnerabilities Catalog. VMware also confirmed known exploits in the wild have been detected for CVE-2022-22954.

VMware releases Critical security updates (updated with known exploits for CVE-2022-22954)

VMware has released Critical updates for VMware Workspace ONE Access, Identity Manager and vRealize that address multiple vulnerabilities. VMware also updated the advisory to confirm there is known exploits in the wild for one of those vulnerabilities CVE-2022-22954.