Security Leftovers
-
Tenable Announces New Research Alliance Program for Vulnerability Intelligence Sharing
This new intelligence sharing initiative aims to reduce the window of opportunity threat actors have to exploit newly-disclosed vulnerabilities, allowing security teams and system administrators to address attack paths before hackers can take advantage. AlmaLinux, Canonical, CIQ, GreyNoise and TuxCare [the new brand name for CloudLinux Enterprise services] are the five inaugural members of this growing network.
-
CISA Releases Three Industrial Control Systems Advisories
CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
-
Announcing Istio 1.14.5
This release includes security fixes in Go 1.18.7 (released 2022-10-04) for the archive/tar, net/http/httputil, and regexp packages. This release also includes fixes to improve robustness. This release note describes what is different between Istio 1.14.4 and Istio 1.14.5.
-
Istio / Announcing Istio 1.15.2
This release includes security fixes in Go 1.19.2 (released 2022-10-04) for the archive/tar, net/http/httputil, and regexp packages. This release contains bug fixes to improve robustness. This release note describes what is different between Istio 1.15.1 and Istio 1.15.2.
-
Istio / Announcing Istio 1.13.9
This release contains a patch for CVE-2022-41715 and bug fixes to improve robustness. This release note describes what is different between Istio 1.13.8 and Istio 1.13.9.
-
iTWire - Microsoft fails to fix Exchange zero-days in October Patch Tuesday release
Microsoft has released patches for 84 vulnerabilities in its products on its monthly Patch Tuesday, but failed to deliver fixes for two zero-day flaws in versions of Exchange Server that were reported publicly on 29 September.
The Security Response Team at Tenable said in a blog post that the 84 CVEs which were issued included two critical flaws.
Microsoft issued a statement, listing security updates for vulnerabilities in Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.
As iTWire reported, based on tweets from British security expert Kevin Beaumont, the two zero-days are similar to the ProxyShell vulnerability for which updates were issued by Microsoft in May and July last year.
-
Microsoft Releases October 2022 Security Updates | CISA
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
-
CISA Has Added One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.