Featured Story
Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk
A high-severity vulnerability in the data transfer project cURL has been addressed in libcurl and curl updates this week.
These issues, CVE-2023-38545 and CVE-2023-38546, affect the command-line tool and library used in many enterprise systems to handle URL-based data transfers. CVE-2023-38545 has been rated particularly critical.
We urge our customers to identify systems using curl/libcurl and upgrade to the latest secure version. These vulnerabilities affect a large range of platforms and could lead to remote exploitation in certain configurations.
Other Stories
Critical Vulnerability in Metabase – Patch Immediately
CVE-2023-38646 affects Metabase Open Source and Enterprise editions. If exploited, unauthenticated attackers can execute commands, leading to data breaches and operational disruption. The presence of public PoC code increases the likelihood of exploitation.
We strongly advise immediate patching of your Metabase instances. Monitor for any signs of unusual access or system activity.
CISA Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
Although patched in January 2023, a critical vulnerability in Adobe Acrobat products is still being exploited by threat actors. The flaw is being used to target outdated software installations.
Ensure that all endpoints are running the latest version of Adobe Acrobat. Vulnerability scanners can help you identify outdated software. Contact us for remediation assistance or audits.
Citrix Patches Critical NetScaler ADC and Gateway Vulnerability
CVE-2023-4966 (CVSS 9.4) impacts NetScaler ADC and Gateway appliances configured as Gateways or AAA virtual servers. This vulnerability could allow unauthenticated attackers to exfiltrate sensitive information.
If you use NetScaler ADC or Gateway, apply the patches immediately. Review your appliance configurations and restrict external access where possible.
Microsoft Patch Tuesday – October 2023 Fixes 103 Vulnerabilities
This round of updates includes 12 critical and 91 important vulnerabilities affecting Windows Servers, Workstations, Office, and developer tools. Two of these vulnerabilities are actively exploited in the wild.
Organizations should have a defined patch management plan aligned with Microsoft’s monthly schedule. Apply updates consistently and monitor systems for signs of compromise from known exploited CVEs.
