Advisory ID: NCC-CSIRT-0603-013
Summary: Google Chrome has been found to have several vulnerabilities that an attacker may use to execute arbitrary code and access sensitive information on the targeted device.
Vulnerable Platform(s): Windows, Mac, and Linux Operating Systems
Advisory ID: NCC-CSIRT-0303-012
Summary: Trellix a security firm published some flaws with iOS 16.3 and macOS 13.2. The firm says they are a part of a new class of bugs that can allow attackers to bypass code signing on macOS and iOS systems. The Vulnerability allows an attacker to execute arbitrary code out of its sandbox or with certain elevated privileges. It also allows a remote user to bypass protections set by Apple and access a user’s personal information.
Vulnerable Platform(s): Apple Operating Systems
Read more: Apple Updates IOS as Security Firm Discloses New Class of Vulnerabilities
Advisory ID: NCC-CSIRT-1702-011
Summary: Microsoft will no longer support Windows 10, version 20H2 for enterprise and education in three months, on May 9, 2023. Therefore, these versions of Windows 10 will no longer be receiving security updates to patch critical vulnerabilitie
Vulnerable Platform(s): Windows Operating Systems
Advisory ID: NCC-CSIRT-0702-010
Summary: The France Computer Emergency Response Team (CERT-FR) has discovered a ransomware attack employing a high-severity ESXi (bare metal hypervisor) vulnerability that VMware addressed in February 2021, which might lead to the execution of arbitrary code and encrypts files associated with virtual machines. The attack is targeting Unpatched and unprotected VMware ESXi servers that are exposed to the Internet on port 427 across the world.
Vulnerable Platform(s): VMware ESXi Servers
Advisory ID: NCC-CSIRT-3101-009
Summary: Bitwarden and other password managers (a software application that is used to store and manage the passwords that a user has for various online accounts and security features. It provides a secure access to all the password information with the help of a master password) are being targeted in Google ads phishing campaigns to steal users' password vault credentials by creating phishing Web pages.
Vulnerable Platform(s): Operating Systems
- Vulnerability on Facebook Allows Two-Factor Authentication Bypass Via Instagram
- Hackers Spread Malware Using Microsoft OneNote Attachments
- Multiple Vulnerabilities in Samsung Galaxy App Store Application Can Lead to Unwanted App Installations and Code Execution
- Google Ads Platform is Misused by Hackers to Promote Malicious Downloads in Search Results