Adobe recently issued a patch for a high-severity vulnerability in ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure
Privacy Tip #419 – Apple Issues Security Updates
Apple product users—update your new Apple security patches now!
Apple released security patches iOS 17.7.1 and iPadOS 17.7.1 on October 27, 2024, and iOS 18.1 and iPadOS 18.1 on October 28, 2024, to address vulnerabilities and zero-day initiatives. These patches should be applied as soon as possible: currently, “an attacker with physical…
Black Basta Exploits Microsoft Zero-Day After Patch
It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March.
The vulnerability, CVE-2024-26169, was on Microsoft’s March Patch Tuesday list. Unpatched, it allows the threat actor to escalate privileges. Symantec’s threat hunter team has discovered that Black Basta…
CISA Issues Binding Operational Directive on Patching Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a Binding Operational Directive requiring all federal agencies to apply patches to new and old vulnerabilities that are being exploited in the wild.
The Directive, entitled Reducing the Significant Risk of Known Exploited Vulnerabilities, “establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant…
NSA Issues List of Vulnerabilities Used by Chinese-Backed Hackers
The National Security Agency (NSA) issued a Cybersecurity Advisory on October 20, 2020, entitled “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” alerting IT professionals to 25 vulnerabilities that Chinese state-sponsored hackers are using against U.S. businesses that “can be exploited to gain initial access to victim networks using products that are directly accessible from the…