Security Bulletin

Apple has released security updates for Safari, iOS and iPadOS, Sonoma, Ventura, and Monterey to address multiple vulnerabilities. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages...

The Apache Software Foundation has released security updates to address a vulnerability (CVE-2023-50164) in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to...

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review...

Here’s why organizations really need to do a better job managing the identities of their contractors.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

TechRadar reports that vulnerable versions of the Apache Log4j software have been observed across 38% of apps between Aug. 15 and Nov. 15, indicating the enduring security risk of the software.

Exploitation of privilege escalation vulnerabilities accounted for 55% of insider threats from January 2021 to April 2023, while the remainder of threats involved offensive tool misuse, reports BleepingComputer.

More than 700 smartphones from Apple, Google, Samsung, and 21 other brands have been impacted by a collection of 14 vulnerabilities dubbed 5Ghoul that concern the implementation of Qualcomm and MediaTek 5G mobile network modem firmware, according to...

Central Virginia-based Greater Richmond Transit Company has confirmed having its network impacted by a cyberattack around Thanksgiving, which disrupted parts of its network and some of its apps, reports The Record, a news site by cybersecurity firm...

Data from patients, employees, and dependents at Kentucky-based health network Norton Healthcare has been compromised following a May ransomware attack that was previously claimed by the ALPHV/BlackCat ransomware operation, according to...