Author: DEFENDEDGE
-
Cisco Releases Advisories for Multiple Products
Original release date: January 21, 2021 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco Advisories… Read more
-
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory. Read more
-
Critical Cisco SD-WAN Bugs Allow RCE Attacks
Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite. Read more
-
Malwarebytes Hit by SolarWinds Attackers
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365. Read more
-
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution. Read more
-
Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms
Mystery of spying using popular chat apps uncovered by Google Project Zero researcher. Read more
-
Vulnerability Summary for the Week of January 11, 2021
Original release date: January 18, 2021 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor… Read more
-
Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show
Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures. Read more
-
Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472. Read more
-
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
Original release date: January 15, 2021 The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command… Read more