Author: DEFENDEDGE
-
Microsoft Releases October 2021 Security Updates
Original release date: October 12, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment Information and apply the necessary updates. This product… Read more
-
Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers. Read more
-
Apple Releases Security Update to Address CVE-2021-30883
Original release date: October 12, 2021 Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users to review the Apple security page for iOS 15.0.2 and iPadOS… Read more
-
Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation. Read more
-
Vulnerability Summary for the Week of October 4, 2021
Original release date: October 11, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info archibus — web_central ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another… Read more
-
NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques
Original release date: October 8, 2021 The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA).… Read more
-
Future Trends within Cloud Security
What’s happening 95% of companies have a presence within the cloud. Many organizations don’t realize they are active within the “cloud,” even though they have a massive amount of data within programs such as Microsoft office 365. Since the pandemic, many businesses shifted over to cloud-based apps and systems for the first time. In order to reduce… Read more
-
Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation
Original release date: October 7, 2021 On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild. CISA is also seeing ongoing scanning of vulnerable systems,… Read more
-
Canopy Parental Control App Wide Open to Unpatched XSS Bugs
The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. Read more
-
CISA Releases Security Advisory for Honeywell Experion and ACE Controllers
Original release date: October 5, 2021 CISA has released an Industrial Controls Systems (ICS) advisory detailing multiple vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to… Read more