Vulnerability

InvGate

Apple Zero-Day: How to Spot Devices to Update in Your Company in Seconds

Just a couple of days after Google announced a high-risk zero-day vulnerability in Chrome, Apple disclosed two zero-day vulnerabilities affecting their operating system on both mobile and desktop devices. The company has already issued updates for its iOS and macOS users. The patched versions are as follows: As for the Apple zero-day exploits, they were reported anonymously.

Chrome Zero Day: Find vulnerable devices for patching

Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well. Therefore, if you haven’t already, you should check your browser details to confirm that it’s updated to version 99.0.4844.84 of Chrome or version 99.0.1150.55 or higher of Edge. Matt Beran shows you how you can find vulnerable devices across your inventory for proactive patching using InvGate Insight.

InvGate

Chrome zero-day: find devices with vulnerabilities across your inventory

If you’re an asset manager or an application administrator, you must have had - or are about to have - a lot of work since there’s a new Chrome zero-day vulnerability in the wild. Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well.

zulip

Zulip Cloud security vulnerability with reusable invitation links

An internal investigation recently uncovered a vulnerability (identified as CVE-2022-21706) in Zulip’s invitation links. Specifically, a reusable invitation link could be used to join a different organization than the one it was created for. As a result, there was a potential for users to join any organization without an invitation (and to bypass domain restrictions). This vulnerability was discovered by the Zulip security team, and has now been fixed for all Zulip Cloud organizations.

tasktop

Tasktop's Rapid Response to the Log4J Vulnerability Exemplifies the Importance of Value Stream Management

The Log4j vulnerability that set the internet on fire on Friday was happily already fixed in Tasktop’s SaaS products by early afternoon. Customers running our solutions on-prem promptly received a security bulletin containing instructions on how to address the vulnerability shortly after. Our customers’ palpable relief and gratitude were a great reminder of why speed-to-market is so essential to the modern enterprise.

mattermost

Coordinated disclosure of XML round-trip vulnerabilities in Go's standard library

This blog post is a part of Mattermost’s public disclosure of three serious vulnerabilities in Go’s encoding/xml related to tokenization round-trips. The public disclosure comes as a result of several months of work, including collaborating with the Go security team since August 2020 and with affected downstream project maintainers since earlier this month.