Category: alerts

Original release date: August 3, 2022 VMware has released security updates to address multiple vulnerabilities in VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review VMware Security… Read more

DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails. Read more

Original release date: August 1, 2022 | Last revised: August 2, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were… Read more

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. Read more

Original release date: July 28, 2022 From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings. Users and… Read more

Original release date: July 26, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info infiray — iray-a8z3_firmware An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. 2022-07-17 10 CVE-2022-31209 MISC infiray — iray-a8z3_firmware… Read more

The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent businesses from growing. Read more

Original release date: July 20, 2022 | Last revised: July 21, 2022 Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the Oracle July… Read more

Original release date: July 18, 2022 | Last revised: July 19, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ceneo-web-scrapper_project — ceneo-web-scrapper The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. 2022-07-11 7.5 CVE-2022-31570 MISC clinic’s_patient_management_system_project —… Read more