Our news
-
CERT/CC Releases Information on Vulnerabilities Affecting Open-Source TCP/IP Stacks
Original release date: December 8, 2020 The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users…
-
Adobe Warns Windows, macOS Users of Critical-Severity Flaws
Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.
-
Apache Releases Security Update for Apache Struts 2
Original release date: December 8, 2020 The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apache Security…
-
SAP Releases December 2020 Security Updates
Original release date: December 8, 2020 SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include a missing authentication check vulnerability affecting SAP NetWeaver AS JAVA (P2P Cluster Communication). The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
-
‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices
A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns.
-
NSA Warns: Patched VMware Bug Under Active Attack
Feds are warning that adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products.
-
NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006
Original release date: December 7, 2020 The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. The NSA advisory…
-
Cisco Releases Security Advisory for Vulnerability in AnyConnect Software
Original release date: December 7, 2020 Cisco has released a security advisory on an Arbitrary Code Execution vulnerability—CVE-2020-3556—affecting Cisco AnyConnect Secure Mobility Client devices. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory…
-
Vulnerability Summary for the Week of November 30, 2020
Original release date: December 7, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor…
-
Insider Report: Healthcare Security Woes Balloon in COVID-Era
As hackers put a bullseye on healthcare, Threatpost spotlights how hospitals, researchers and patients have been affected and how the sector is bolstering their cyber defenses.