Owl Labs Flaw Removed from CISA List
by Artie Kaye
In this months CISA update list there were known exploited vulnerabilities listed from Owl Labs. After further investigation on CISA’s part, these were found to not be actively targeted as initially reported to them. As such the CVE’s related to the flaws are being removed from the exploit list. Our monthly list will be updated to acknowledge this.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Qakbot Update: Still Active
by Artie Kaye
While law enforcement reported they had taken the botnet down, recent activity from the network suggests they only took down parts of it. The administrative level devices which were targeted in the operation were only part of the network. This did not address the lower level functions, such as the spam and phishing automations. Regrettably, the botnet remains active, and may yet pose a threat to users online.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Notable Patches (October 1-6)
by Artie Kaye
Some of the zero days and severe CVE’s addressed this week.
Atlassian
Their Confluence Server and Data Center has been patched to remediate critical vulnerabilities.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Qualcomm
Patched three zero-day flaws and several other high severity flaws.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)