VMware Critical Vulnerabilities (CVE-2022-22972 and CVE-2022-22973)

VMware has released a critical security advisory (VMSA-2022-0014) for the security vulnerabilities found in multiple VMware products.

A. Nature of Vulnerability

CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity

F5 BIG-IP products vulnerability (CVE-2022-1388)

A. Nature of Vulnerability

CVE-2022-1388
CVE-2022-1388 allows unauthenticated attackers with network access to the BIG-IP system to run arbitrary code and gain control via the management port or self-IP addresses.

B. List of Affected Versions and Fixed Versions

BIG-IP (all modules)
Affected Versions | Fixed Version
16.1.0 – 16.1.2 | 16.1.2.2
15.1.0 – 15.1.5 | 15.1.5.1

Oracle Critical Patch Update Advisory – April 2022

A. Actions to be Taken

Review and apply the necessary patches provided by Oracle. Proactively monitor and secure identified systems and devices for any suspicious or malicious activity. In addition, equip employees with cybersecurity knowledge and information to minimize the attack surface.

For additional information, kindly refer to the official advisory: https://www.oracle.com/security-alerts/cpuapr2022.html

B.

Lenovo Notebook BIOS Vulnerabilities (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972)

Lenovo has addressed 3 high-impact security vulnerabilities, tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, in the Unified Extensible Firmware Interface (UEFI) firmware of its consumer laptops. This came after ESET security researchers responsibly reported the vulnerabilities to Lenovo in October last year. According to the detailed technical analysis published by ESET, two of the vulnerabilities (CVE-2021-3971

Google Chrome Version 100.0.4896.127

Google has released Chrome Version 100.0.4896.127 for Windows, Mac, and Linux to fix 2 security issues, including a known zero-day vulnerability (CVE-2022-1364). According to Google, they are aware that an exploit for CVE-2022-1364 exists in the wild.

A. Nature of Vulnerability

CVE-2022-1364
A high severity type confusion weakness in the Chrome V8 JavaScript engine