Our news
-
Apple Releases Security Updates
Original release date: February 2, 2021 Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the…
-
Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156
Original release date: February 2, 2021 Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user.…
-
Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products
Original release date: February 2, 2021 CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on…
-
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign.
-
Vulnerability Summary for the Week of January 25, 2021
Original release date: February 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info async-git_project — async-git The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. 2021-01-26 7.5 CVE-2021-3190 MISC MISC MISC CONFIRM caret — caret A…
-
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications.
-
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices.
-
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
-
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.
-
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.