Security content of iOS 15.7.4 and iPadOS 15.7.4
About Apple security updates For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible. For more information…
Cisco Releases Security Advisory for IOS XR Software
Cisco has released a security advisory for a vulnerability affecting IOS XR Software for ASR 9000 Series Routers. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to…
AVEVA Plant SCADA and AVEVA Telemetry Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA Plant SCADA and AVEVA Telemetry Server Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to read data, cause a denial of service, and tamper with…
CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping
CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions,…
Siemens SCALANCE X200 IRT
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X200 IRT Products Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…
Fortinet Releases Security Updates for FortiOS
Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. FortiOS – heap-based buffer overflow in sslvpnd Summary A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may…
Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
Summary A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.This vulnerability is due to insufficient input validation of received Cisco Discovery…
CISA Releases Phishing Infographic
CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly…
AVEVA Edge
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Digital Alert Systems Equipment: DASDEC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities might result in false alerts being issued to broadcast or cable sites that are immediately connected to the…
Apple Releases Security Update for Xcode
Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. About Apple security updates For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an…
Stay connected