Operations | Monitoring | ITSM | DevOps | Cloud

Apple released a series of patches today to address zero-day vulnerabilities CVE-2023-32434 and CVE-2023-32435. As Patch Management’s best practices indicate, the company advised updating the following products: iOS, iPadOS, macOS, watchOS, and Safari browser. Keep reading to understand the extent of the exploits and discover how to easily spot outdated devices on your network using InvGate Insight.

The security of your organization’s network is paramount to its success. With the ever-changing landscape of cyber threats, it's important to take the necessary steps to ensure that your network is secure and compliant with industry regulations. Ensuring compliance requires you to know what’s on your network. But how can that be done when only 48% of leaders and security professionals say they run their asset discovery program at least once per week?

Resistance to change is always present, especially if you think the processes you have in place are efficient and effective. Many organizations feel this way about their software management procedures until they have a security breach or incident and are left wondering where they went wrong. The reality is that most patch management programs are built on assumptions and recommendations, rather than facts about actively exploited vulnerabilities. Risk-based patch management is the answer to this issue.

Patrick DeVivo is a software engineer and founder of MergeStat, an open source project that makes it possible to query the contents, history, and metadata of source code with SQL. The security posture of software supply chains has been a significant topic lately. Recent high-profile breaches have shown the importance of managing risks from third party code. Take, for example, the Log4Shell vulnerability (tracked as CVE-2021-44228 — Grafana Labs was not affected).

In this article, we explore the features and capabilities of the top five vulnerability scanning tools so that you can consider all the key factors before selecting one.

Two new zero-day exploits that affect the Chromium browser core were reported on April 14th. And since both Chrome and Microsoft Edge are based on it, Google advised to update the browsers. The vulnerabilities CVE-2023-2033 and CVE-2023-2136 can lead to remote code execution and have already been fixed. But that doesn't mean that's the end of the problem.

As the digital world becomes more interconnected, cyber threats evolve and become more sophisticated, putting businesses and individuals at risk. On February 14, 2023, Microsoft announced a critical vulnerability in the Windows Common Log File System (CLFS) driver, known as CVE-2023-23376. This vulnerability allows attackers to elevate privileges and gain unauthorized access to sensitive data, potentially resulting in severe consequences for affected systems.

As you likely be all too aware, there is a Microsoft Outlook zero-day vulnerability listed under CVE-2023-23397. With the increased attacks on Outlook this month, Microsoft has pushed out fixes for about 80 Windows flaws. More information on some of those patches can be found in my colleague Lewis Pope’s March 2023 Patch Tuesday blog. Lewis was also kind enough to send over the remediation script for both N-able N-central and N-able N-sight.