Blog – Pagina 121 – Luca Donetti Dontin

Set302023

Rilevate vulnerabilità zero-day in Exim (AL01/230930/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Sono stata rilevate diverse vulnerabilità zero-day impattanti il server di posta Exim, di cui una con gravità “critica” e due con gravità “alta”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Set282023

CISA Releases Three Industrial Control Systems Advisories

in Cybersecurity
Tagged with Cisa

CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-271-01 Rockwell Automation PanelView 800 ICSA-23-271-02 DEXMA DexGate ICSA-23-143-02 Hitachi Energy’s RTU500 Series Product (UPDATE A) CISA encourages users and…

Continue reading →

Set282023

PoC pubblico per lo sfruttamento della CVE-2023-42793 (AL03/230928/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Disponibile un Proof of Concept (PoC) per la vulnerabilità CVE-2023-42793 – già sanata dal vendor – presente in Teamcity, piattaforma software CI/CD general-purpose di JetBrains. Tale vulnerabilità, qualora sfruttata, potrebbe permettere a un utente malintenzionato remoto non autenticato, il bypass dei meccanismi di sicurezza e…

Continue reading →

Set282023

Minor Palo Bug: ICMPv6 Errors sourced from Unspecified Address

in Blog
Tagged with

During my IPv6 classes, I discovered a (minor) bug at the NGFW from Palo Alto Networks: ICMPv6 error messages, such as “time exceeded” (type 3) as a reply of traceroute, or “destination unreachable” (type 1) as a reply of a drop policy, are not correctly…

Continue reading →

Set262023

CISA Releases Six Industrial Control Systems Advisories

in Cybersecurity
Tagged with Cisa

CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03 Mitsubishi Electric FA Engineering Software ICSA-23-269-04 Advantech EKI-1524-CE…

Continue reading →

Set262023

Aggiornamenti Mensili Microsoft (AL09/230613/CSIRT-ITA) – Aggiornamento

in Cybersecurity
Tagged with csirt

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 78 nuove vulnerabilità, di cui 4 con gravità “critica”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Set242023

Apple Releases Security Updates for Multiple Products

in Cybersecurity
Tagged with Cisa

Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 17.0.1…

Continue reading →

Set242023

Aggiornamenti di sicurezza Apple (AL01/230922/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Apple ha rilasciato aggiornamenti di sicurezza per sanare 3 vulnerabilità di tipo 0-day che interessano i propri prodotti. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →