Author: DEFENDEDGE
-
Vulnerability Summary for the Week of September 13, 2021
Original release date: September 20, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. 2021-09-10 7.5 CVE-2021-37422 MISC zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is… Read more
-
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. Read more
-
Public Wi-Fi Safety
The use of public wi-fi has become a worldwide phenomenon over the last ten years with establishments offering free wi-fi in exchange for their business and attendance. Moreover, many companies are pushing for their workers to work remotely nowadays, thus increasing the availability and comfort of using free public wi-fi. However, anything deemed free in life will normally come with a… Read more
-
Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed “Seventh Inferno” (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon’s Cries (CVSS… Read more
-
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. Read more
-
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August. Read more
-
ACSC Releases Annual Cyber Threat Report
Original release date: September 16, 2021 The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year. The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities,… Read more
-
FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
Original release date: September 16, 2021 The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that… Read more
-
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States… Read more
-
Microsoft Releases Security Update for Azure Linux Open Management Infrastructure
Original release date: September 16, 2021 Microsoft has released an update to address a remote code execution vulnerability in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update. This product… Read more