#microsoft

Apple Security Advisory 2021-10-26-7 - tvOS 15.1 addresses buffer overflow, code execution, cross site scripting, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2021-10-26-6 - watchOS 8.1 addresses buffer overflow, code execution, cross site scripting, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Backdoor.Win32.Hupigon.afjk malware suffers from a man-in-the-middle vulnerability.

Backdoor.Win32.Hupigon.afjk malware suffers from a directory traversal vulnerability.

Backdoor.Win32.Hupigon.acio malware suffers from an unauthenticated open proxy vulnerability.

WordPress Supsystic Contact Form plugin version 1.7.18 suffers from a persistent cross site scripting vulnerability.

Apple Security Advisory 2021-10-26-5 - Security Update 2021-007 Catalina addresses code execution, integer overflow, out of bounds read, and out of bounds write vulnerabilities.

Backdoor.Win32.Hupigon.acio malware suffers from an unquoted service path vulnerability.

Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and passwords with every request, increasing the risk of attackers capturing users' credentials,

Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind an ongoing wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "compromise-one-to-compromise-many"