NCERT | National Computer Emergency Response Team Philippines

Actively Exploited Zero-Day Vulnerability in Cisco IOS XE Software

Cisco has released a security advisory to address an actively exploited zero-day vulnerability(CVE-2023-20198 in the web user interface of Cisco IOS XE software. Based on the evidence analyzed by Cisco, a suspicious activity was observed on September 28, 2023 which includes the creation of unauthorized account on a customer’s device. Additionally on October 12, Cisco continue reading : Actively Exploited Zero-Day Vulnerability in Cisco IOS XE Software

Microsoft Releases October 2023 Patch Tuesday Security Updates

Microsoft has released its October 2023 Patch Tuesday security updates to fix multiple vulnerabilities across its products, including three reported zero-day vulnerabilities (CVE-2023-36563, CVE-2023-41763, and CVE-2023-44487) that are currently being exploited in the wild. Based on the official release notes from Microsoft, there are a total of 103 Microsoft CVEs and 2 non-Microsoft CVEs. ____________________________ continue reading : Microsoft Releases October 2023 Patch Tuesday Security Updates

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-5217)

Google has released Chrome Version 117.0.5938.132 for Mac, Linux, and Windows to address several security vulnerabilities, including a zero-day vulnerability (CVE-2023-5217). Based on the official site for Chrome updates, “Google is aware of reports that an exploit for CVE-2023-5217 exists in the wild”. _____________________________ A. Nature of Vulnerabilities CVE-2023-5217 CVE-2023-5186 CVE-2023-5187 _____________________________ B. Actions to continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-5217)

Microsoft Releases September 2023 Patch Tuesday Security Updates

Microsoft has released its September 2023 Patch Tuesday security updates to fix multiple vulnerabilities across its products, including two reported vulnerabilities(CVE-2023-36761 and CVE-2023-36802) that are currently being exploited in the wild. Based on the official release notes from Microsoft, there are a total of 59 Microsoft CVEs and 7 non-Microsoft CVEs. ____________________________ A. List of continue reading : Microsoft Releases September 2023 Patch Tuesday Security Updates

Cisco Releases Security Advisories for Multiple Products (CVE-2023-20238 and CVE-2023-20243)Microsoft Releases July 2023 Patch Tuesday Security Updates

Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products. Based on their official advisory, Cisco PSIRT has not found any public announcements or instances of malicious exploitation related to the described vulnerability. _____________________________ A. Nature of Vulnerability CVE-2023-20238 CVE-2023-20243 _____________________________ B. Affected Products CVE-2023-20238 Enabling the following applications on a vulnerable release continue reading : Cisco Releases Security Advisories for Multiple Products (CVE-2023-20238 and CVE-2023-20243)Microsoft Releases July 2023 Patch Tuesday Security Updates