Security Leftovers and Windows TCO
-
XSAs released on 2023-11-14
The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is affected by at least one of these XSAs.
-
Security Week ☛ Critical Authentication Bypass Flaw in VMware Cloud Director Appliance
VMware flaw carries a CVSS severity score of 9.8/10 and can be exploited to bypass login restrictions when authenticating on certain ports.
-
HiR ☛ November 2023 SecKC Presentation: Mobile SDR
Thanks to all who showed up and asked questions!
-
Security Week ☛ Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack
CacheWarp is a new attack method affecting a security feature present in AMD processors that can pose a risk to virtual machines.
-
Tom's Hardware ☛ AMD CacheWarp Vulnerability Afflicts Previous Gen EPYC Server CPUs, Patch Issued
CacheWarp is the latest security hole in AMD chips, and it's present in first, second, and third generation EPYC processors. AMD has only issued a patch for its third gen Milan CPUs.
-
Security Week ☛ Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion
Adobe patches 72 security bugs and calls special attention to code-execution defects in the widely deployed Acrobat and Reader software.
-
Security Week ☛ ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
Siemens and Schneider Electric’s Patch Tuesday advisories for November 2023 address 90 vulnerabilities affecting their products.
-
Windows TCO
-
The Straits Times ☛ Australia says hacks surging, state-sponsored groups targeting critical infrastructure
There was an estimated hack on Australian assets every 6 minutes: Australian Cyber Security Centre.
-
Security Week ☛ Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide
CISA says Royal ransomware has targeted 350 organizations to date, demanding over $275 million in ransoms.
-
Bleeping Computer ☛ Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft’s November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.
-
Security Week ☛ Microsoft Warns of Critical Bugs Being Exploited in the Wild
Patch Tuesday: Redmond’s security response team flags two vulnerabilities -- CVE-2023-36033 and CVE-2023-36036 -- already being exploited in the wild.
-
IT Wire ☛ Microsoft patches 57 flaws, five zero-day vulnerabilities
The company also patched five zero-day vulnerabilities, including three exploited in the wild.
Satnam Narang, senior staff research engineer at security firm Tenable, said CVE-2023-36025 was a security feature bypass vulnerability in backdoored Windows SmartScreen that was being exploited in the wild as a zero-day.
"An attacker could exploit this flaw by crafting a malicious Internet Shortcut (.URL) file and convincing a target to click on the file or a hyperlink pointing to a .URL file," he explained.
-