USN-6392-1: libppd vulnerability

Ubuntu Security Advisory It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code. READ MORE

Read More

USN-6391-1: CUPS vulnerability

Ubuntu Security Advisory It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. READ MORE

Read More

USN-6390-1: Bind vulnerabilities

Ubuntu Security Advisory It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2023-3341) Robert Story discovered that Bind incorrectly handled certain DNS-over-TLS queries. A remote attacker could possibly…

Read More

USN-6389-1: Indent vulnerability

Ubuntu Security Advisory It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute arbitrary code. READ MORE

Read More

GCP-2023-028

Google Cloud Platform Security Advisory Published: 2023-09-19 Description Description Severity Notes Customers can configure Chronicle to ingest data from customer-owned Cloud Storage buckets using an ingestion feed. Until recently, Chronicle provided a shared service account that customers used to grant permission to the bucket. An opportunity existed such that one customer’s Chronicle instance could be…

Read More

GCP-2023-027

Google Cloud Platform Security Advisory Published: Description Severity Notes VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896) Customer Care impact VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation). What should I do? Customers are not impacted and no action needs to be taken. Medium CVE-2023-20893 CLICK…

Read More

#StopRansomware: Snatch Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov…

Read More

FBI and CISA Release Advisory on Snatch Ransomware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. FBI investigations identified these IOCs and TTPs as recently as June 1, 2023. Snatch threat…

Read More

Omron Engineering Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron engineering software are affected: Sysmac Studio: version 1.54…

Read More