Microsoft Releases July 2023 Patch Tuesday Security Updates

Microsoft has released its July 2023 Patch Tuesday security updates to fix multiple vulnerabilities across its products, including six reported vulnerabilities that are currently being exploited in the wild.  Based on the official release notes from Microsoft, there are a total of 132 vulnerabilities. Of these vulnerabilities, 9 are classified as critical, 122 are classified continue reading : Microsoft Releases July 2023 Patch Tuesday Security Updates

Critical Vulnerability In FortiOS And FortiProxy SSL-VPN (CVE-2023-27997)

Fortinet has released a patch to fix a critical vulnerability (CVE-2023-27997) in its FortiOS and FortiProxy SSL-VPN, which may have been exploited in attacks targeting government, manufacturing, and critical infrastructure. In a separate blog released by Fortinet, the security solution company clarifies, “At this time, we are not linking FG-IR-23-097 to the Volt Typhoon campaign. continue reading : Critical Vulnerability In FortiOS And FortiProxy SSL-VPN (CVE-2023-27997)

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-3079)

Google has released Chrome Version 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows to fix a zero-day vulnerability (CVE-2023-3079). Based on the official site for Chrome updates, “Google is aware of reports that an exploit for CVE-2023-3079 exists in the wild.”. _____________________________ A. Nature of Vulnerability CVE-2023-3079 _____________________________ B. Actions to be Taken CERT-PH continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-3079)

Andromeda Malware Infiltration in Government and Academe Sectors

CERT-PH monitored a malware infiltration (Trojan/Botnet) infecting government and academe sectors. The malware mainly targets the Windows operating system, which is exploited to establish a network of compromised computers. These infected machines are then incorporated into the Andromeda Botnet, which enables the distribution of various other malware families associated with Andromeda. A. Nature of the continue reading : Andromeda Malware Infiltration in Government and Academe Sectors

Multiple Vulnerabilities Affecting Cisco Small Business Series Switches

Cisco has released security updates to fix multiple vulnerabilities affecting certain Cisco Small Business Series Switches. Out of the 9 vulnerabilities mentioned in the official advisory, 4 of them are classified as Critical with a CVSS score of 9.8 (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189). The described vulnerabilities have a proof-of-concept accessible, however, the Cisco PSIRT continue reading : Multiple Vulnerabilities Affecting Cisco Small Business Series Switches