Our news
-
Microsoft Releases July 2021 Security Updates
Original release date: July 13, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2021 Security Update Summary and Deployment Information and apply the necessary updates. This…
-
Kaseya Ransomware Attack: Guidance and Resources
Original release date: July 13, 2021 CISA has created a webpage to provide information and guidance for the recent ransomware attack against Kaseya customers that include managed service providers (MSPs) and customers of those MSPs. CISA encourages affected organizations to review Kaseya Ransomware Attack: Guidance for Affected MSPs and their Customers for more information. This product is…
-
New CISA Director Confirmed, White House Gains Cyber-Director
Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on.
-
WordPress File Management Plugin Riddled with Critical Bugs
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.
-
SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
Microsoft alerted the company to a security vulnerability in its Serv-U Managed File Transfer and Secure FTP products that a cyberattacker is using to target a “limited” amount of customers.
-
Kaseya Provides Security Updates for VSA On-Premises Software Vulnerabilities
Original release date: July 12, 2021 Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers. CISA strongly urges Kaseya customers closely follow the instructions detailed in the Kaseya security notice and contact Kaseya should they require implementation assistance. Note: the Kaseya security…
-
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
The attacks are enabled by an unpatched security vulnerability in ForgeRock’s Access Management, a popular platform that front-ends web apps and remote-access setups.
-
Vulnerability Summary for the Week of July 5, 2021
Original release date: July 12, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info artware_cms_project — artware_cms ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.…
-
Kaseya Patches Zero-Days Used in REvil Attacks
The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.
-
Critical ForgeRock Access Management Vulnerability
Original release date: July 12, 2021 Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability…