Author: DEFENDEDGE
-
Critical Cisco SD-WAN Bugs Allow RCE Attacks
Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.
-
Malwarebytes Hit by SolarWinds Attackers
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.
-
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution.
-
Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms
Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.
-
Vulnerability Summary for the Week of January 11, 2021
Original release date: January 18, 2021. The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor…
-
Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show
Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.
-
Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472.
-
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
Original release date: January 15, 2021. The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command…
-
Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
Security researchers lambasted the controversial macOS Big Sur feature for exposing users’ sensitive data.
-
Apache Releases Security Advisory for Tomcat
Original release date: January 15, 2021. The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.…