Our news
-
Vulnerability Summary for the Week of October 18, 2021
Original release date: October 25, 2021. High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info). adobe — ops-cli: Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file.…
-
Critical RCE Vulnerability in Discourse
Original release date: October 24, 2021. Discourse—an open source discussion platform—has released a security advisory to address a critical remote code execution (RCE) vulnerability (CVE-2021-41163) in Discourse versions 2.7.8 and earlier. CISA urges developers to update to patched versions 2.7.9 or later or apply the necessary workarounds. For more information, see RCE via malicious SNS…
-
Malware Discovered in Popular NPM Package, ua-parser-js
Original release date: October 22, 2021. Versions of a popular NPM package named ua-parser-js were found to contain malicious software. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow…
-
Cisco SD-WAN Security Bug Allows Root Code Execution
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
-
GPS Daemon (GPSD) Rollover Bug
Original release date: October 21, 2021. Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021). On October 24, 2021,…
-
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said.
-
Cisco Releases Security Updates for IOS XE SD-WAN Software
Original release date: October 21, 2021. Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco…
-
Why is Cybersecurity Failing Against Ransomware?
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
-
VPN Exposes Data for 1M Users, Leading to Researcher Questioning
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.
-
Geriatric Microsoft Bug Exploited by APT Using Commodity RATs
Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.