VMware Releases Security Update for Aria Operations for Logs

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs (formerly vRealize Log Insight). A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0007 and apply the necessary updates.

Drupal Releases Security Advisory to Address Vulnerability in Drupal Core

Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Drupal security advisory SA-CORE-2023-005 for more information and apply the necessary updates.

Oracle Releases Security Updates

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for April 2023 to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Oracle’s Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin and apply the necessary updates.

CISA Releases Two SBOM Documents

Today, CISA released two community-drafted documents on Software Bill of Materials (SBOM): Types of SBOM documents and Minimum Requirements for Vulnerability Exploitability eXchange (VEX).
The Types of SBOM document summarizes the common types of SBOMs that tools in the industry may create today, along with the data typically presented for each type. As software moves from planning to source to build to being deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation among tools and in the broader marketplace.
The Minimum Requirements for VEX document specifies the minimum elements needed to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. The document also specifies some optional VEX elements.
Led by CISA, both publications were debated and drafted by a community of industry and government experts with the goal of offering some common guidance and structure for the large and growing global SBOM community.