
 

Locks and Security News: your weekly locks and security industry newsletter
17th April 2024 Issue no. 701

Your industry news - first

 


 



May Threat Advisory - Top 5

F5 Released Patch for Critical Remote Code Execution Vulnerability in BIG-IP

Threat Reference: Global 

Risks: System Takeover, Arbitrary System Command Execution  

Advisory Type: Updates/Patches

Priority: Standard

F5 has patched a critical remote code execution vulnerability with a CVSS score of 9.8 in the iControl REST component of BIG-IP. It allows an unauthenticated attacker with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP by sending undisclosed requests that bypass iControl REST authentication.

Recommendations

Apple Patched Zero-day Vulnerabilities Along with Multiple Other Vulnerabilities Affecting Apple Devices.

Threat Reference: Global 

Risks: Arbitrary Code Execution

Advisory Type: Updates/Patches

Priority: Elevated

Apple released a security update to fix an actively exploited zero-day vulnerability, along with multiple other vulnerabilities affecting Apple devices. The vulnerability exists due to an error within the AppleAVD subsystem. Successful exploitation of these vulnerabilities could lead to arbitrary code execution on the targeted devices with kernel-level privileges.

Recommendation

VMware Fixed Critical Vulnerabilities in Multiple Products.

Threat Reference: Global 

Risks: Privilege Escalation 

Advisory Type: Advisory/Patches 

Priority: Standard 

VMware has released updates to fix a critical and an important vulnerability in various VMware products.

Recommendations

Critical and High Vulnerabilities Fixed in Jupiter Theme and JupiterX Core WordPress Plugin

Threat Reference: Global

Risks: Privilege Escalation (Broken Access Control), Local File Inclusion (LFI) 

Advisory Type: Updates/Patches

Priority: Standard

Security researchers discovered a critical privilege escalation vulnerability, an authenticated path traversal vulnerability, and a local file inclusion vulnerability in the Jupiter Theme and JupiterX Core WordPress plugin.

Recommendation

SonicWall Patched High Severity Unauthenticated Access Control Bypass Vulnerability in SMA 1000 Series 

Threat Reference: Global 

Risks: Improper Access Control vulnerability

Advisory Type: Updates/Patches 

Priority: Standard 

SonicWall released a security update to patch the unauthenticated access control bypass vulnerability with a CVSS score of 8.2 (High) and other vulnerabilities in the SMA 1000 Series. Successful exploitation of the vulnerability can allow an unauthenticated attacker to bypass access control and gain access to an organization's internal resources.

Recommendations

Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.

Or if you suspect a security incident, you can report an incident here.

SecurityHQ’s Monthly Threat Report, Drawn from Recent Advisories of May 2022

Credit to SecurityHQ team members: Devendra Bendre, Harsh Gajbhiya, Mandeep Sheoran, Geethu Krishna G

About SecurityHQ

SecurityHQ is a global MSSP that detects and responds to threats instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts that work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities to accelerate business and reduce risk and overall security costs.

Author: Eleanor Barlow, Content Manager, SecurityHQ



25th May 2022



