Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer.
Oracle addresses 183 CVEs in its first quarterly update of quarterly with 327 patches, including 71 critical updates.
Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection VulnerabilityJanuary 5, 2023
Zoho patches a newly disclosed high-severity SQL injection flaw in several ManageEngine products; attackers have historically targeted several ManageEngine products over the last three years.
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 of 10.0. There are no reports of active exploitation.
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible.
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
Fortinet has patched a zero day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation and organizations should patch urgently.
Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability.
Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild.
OpenSSL has patched two vulnerabilities, pivoting from its earlier announcement, in version 3.0.7.