Security researchers have published technical details on a critical Fusion Middleware vulnerability that Oracle took six months to patch.
Researchers: Oracle Took 6 Months to Patch ‘Mega’ Vulnerability Affecting Many Systems
CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day
Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.
Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors
Codesys this week announced patches for nearly a dozen vulnerabilities discovered in the company’s products by researchers at Chinese cybersecurity firm NSFocus.
US Agencies Warn Organizations of Log4Shell Attacks Against VMware Products
The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have issued a joint advisory to warn organizations that threat actors continue to exploit the Log4Shell vulnerability in VMware Horizon and Unified Access Gateway (UAG) servers.
Top Cryptographers Flag ‘Devastating’ Flaws in MEGA Cloud Storage
Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data in the MEGA cloud.”
ICS Vendors Respond to OT:Icefall Vulnerabilities Impacting Critical Infrastructure
Some of the industrial control system (ICS) vendors impacted by the OT:Icefall vulnerabilities have released advisories to inform customers about the impact of the flaws and to provide mitigations.
SMA Technologies Patches Critical Security Issue in Workload Automation Solution
A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations.
Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.
Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain
Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark.
Google Patches 14 Vulnerabilities With Release of Chrome 103
Google this week announced the release of Chrome 103 to the stable channel with patches for a total of 14 vulnerabilities, including nine reported by external researchers.
The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base.
Industry Reactions to ‘OT:Icefall’ Vulnerabilities Found in ICS Products
Cybersecurity firm Forescout has disclosed OT:Icefall, a collection of 56 vulnerabilities discovered across the products of ten companies that make operational technology (OT) systems.