Our news

  • Microsoft Releases February 2021 Security Updates

    Original release date: February 9, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and Deployment Information and apply the necessary updates. This…

    READ MORE

  • Microsoft Warns of Windows Win32k Privilege Escalation

    Original release date: February 9, 2021 Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages users and administrators to review Microsoft Advisory…

    READ MORE

  • What happens when your SIEM deployment has stalled?

    As we discussed in a previous blog post, there are several reasons why SIEM deployments fail. When choosing a new solution there are many things to keep in mind before you choose the right fit for your company. Unfortunately, many of us have run into situations where a SIEM solution was purchased and the deployment…

    READ MORE

  • Critical WordPress Plugin Flaw Allows Site Takeover

    A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.

    READ MORE

  • Mozilla Releases Security Updates for Firefox and Firefox ESR

    Original release date: February 8, 2021 Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system.   CISA encourages users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and Firefox ESR 78.7.1 and apply…

    READ MORE

  • Vulnerability Summary for the Week of February 1, 2021

    Original release date: February 8, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accel-ppp — accel-ppp Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server,…

    READ MORE

  • Industrial Networks See Sharp Uptick in Hackable Security Holes

    Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding critical security bugs in ICS networks.

    READ MORE

  • Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

    An CRSF-to-stored-XSS security bug plagues 50,000 ‘Contact Form 7’ Style users.

    READ MORE

  • Google Chrome Zero-Day Afflicts Windows, Mac Users

    Google warns of a zero-day vulnerability in the V8 open-source engine that’s being actively exploited by attackers.

    READ MORE

  • Cisco Releases Security Updates

    Original release date: February 4, 2021 Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see…

    READ MORE