Tux Machines

Proprietary Software Security Failures

Posted by Roy Schestowitz on Dec 14, 2022

today's howtos
Gemini Articles of Interest

Apple Releases Security Updates for Multiple Products | CISA

↺ Apple Releases Security Updates for Multiple Products | CISA
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

Microsoft Releases December 2022 Security Updates | CISA

↺ Microsoft Releases December 2022 Security Updates | CISA
An attacker can exploit some of these vulnerabilities to take control of an affected system.

VMware Releases Security Updates for Multiple products | CISA

↺ VMware Releases Security Updates for Multiple products | CISA
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA [Ed: "Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file"]

↺ CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose a significant risk to the federal enterprise. Note: To view newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing | CISA [Ed: NSA has been attacking entire networks; why is it posing as a guardian of network security?]

↺ NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing | CISA
Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI), published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing. The guidance builds upon ESF’s Potential Threat Vectors to 5G Infrastructure, published in 2021.
gemini.tuxmachines.org