Weekly Digest Week 38 – 2023

Publication date: 22.09.2023

Featured Story

Apple Rolled Out Emergency Updates to Address 3 New Actively Exploited Zero-Day Flaws

Apple released emergency updates to fix three actively exploited zero-day vulnerabilities:

  • CVE-2023-41993 – WebKit RCE flaw via malicious web content
  • CVE-2023-41991 – Security framework bypass for app signature validation
  • CVE-2023-41992 – Kernel flaw enabling privilege escalation

Patched versions include macOS 12.7/13.6, iOS/iPadOS 16.7 & 17.0.1, and watchOS 9.6.3 & 10.0.1.

SOC Analysis:
These zero-days were found to be exploited in the wild. Please ensure your devices are running the latest OS version. Our SOC is available for mobile threat defense consultations or patch management strategy support.

Other Stories

Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products

Trend Micro released a fix for CVE-2023-41179, a zero-day vulnerability actively exploited in Apex One, Apex One SaaS, and Worry-Free Business Security. It allows attackers to execute code via third-party software removal features.

SOC Analysis:
Ensure your agents are updated to:
  • Apex One SP1 Patch 1 (B12380)
  • Apex One SaaS July Patch (202307)
  • WFBS 10.0 SP1 Patch 2495

Contact us for threat verification and agent version audits.


GitLab Users Advised to Update Against Critical Flaw Immediately

CVE-2023-5009 allows privilege escalation through manipulated scan policies. GitLab has provided fixes in versions 16.3.4 and 16.2.7 (CE and EE). It also advises against combining Direct Transfers and Security Policies.

SOC Analysis:
Ensure all GitLab servers are upgraded to the latest supported version. Contact us for secure CI/CD pipeline reviews or DevSecOps consulting.

Microsoft AI Researchers Leak 38TB of Private Data via Public GitHub Repo

Cloud security firm Wiz discovered a GitHub repo exposing over 38TB of sensitive internal Microsoft data due to a misconfigured Azure SAS token. Data included device backups, internal Teams messages, and secrets.

SOC Analysis:
  • Use SAS tokens only when necessary
  • Always set expiry dates
  • Limit permissions to least privilege
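
The three recommendations above can be checked mechanically on any SAS URL found in a repository or config file. The following is an added example, not part of the original article: the 7-day lifetime limit, the read/list allow-list, and the sample URLs (placeholder account name and signature) are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumed policy for this example (the article gives no numbers).
MAX_LIFETIME = timedelta(days=7)
ALLOWED_PERMS = set("rl")  # read, list

def parse_sas_time(value):
    """Parse the ISO 8601 UTC forms SAS uses (date only, or date-time ending in Z)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now):
    """Return findings for one SAS URL; an empty list means it meets the policy."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    if "se" in q:  # signed expiry
        expiry = parse_sas_time(q["se"])
        if expiry - now > MAX_LIFETIME:
            findings.append(f"expires {expiry:%Y-%m-%d}, more than {MAX_LIFETIME.days} days away")
    elif "si" in q:  # stored access policy holds the expiry instead
        findings.append("expiry comes from a stored access policy; check it on the resource")
    else:
        findings.append("no expiry (se) set")
    extra = sorted(set(q.get("sp", "")) - ALLOWED_PERMS)  # signed permissions
    if extra:
        findings.append("permissions beyond read/list: " + "".join(extra))
    if "srt" in q:  # srt only appears on account-level SAS tokens
        findings.append("account SAS: scope is the whole storage account")
    elif q.get("sr") == "c":
        findings.append("container-wide scope")
    return findings

# Constructed sample URLs; account name and signature are placeholders.
NOW = datetime(2023, 9, 22, tzinfo=timezone.utc)
BROAD = ("https://exampleacct.blob.core.windows.net/?sv=2021-08-06&ss=b&srt=sco"
         "&sp=rwdlacup&se=2050-01-01T00:00:00Z&spr=https&sig=PLACEHOLDER")
NARROW = ("https://exampleacct.blob.core.windows.net/models/weights.bin?sv=2021-08-06"
          "&sr=b&sp=r&se=2023-09-23T00%3A00%3A00Z&spr=https&sig=PLACEHOLDER")

if __name__ == "__main__":
    for name, url in (("BROAD", BROAD), ("NARROW", NARROW)):
        print(name, audit_sas_url(url, NOW) or "OK")
```
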

Need help with data governance or secure Azure architecture? Our experts can support you.


Warning: New RCE Vulnerabilities Affecting FortiWeb, FortiProxy and FortiOS

Fortinet released updates to fix two high-impact RCE vulnerabilities: CVE-2023-34984 and CVE-2023-29183. CISA warns that successful exploitation may result in total system compromise.

SOC Analysis:
Please upgrade:
  • FortiWeb to version 7.0.7+
  • FortiProxy to version 7.0.11+
  • FortiOS to version 6.2.15+

Our SOC is available for patch verification and exploitation checks.


Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
