Category: alerts

Original release date: December 7, 2020 Cisco has released a security advisory on an Arbitrary Code Execution vulnerability—CVE-2020-3556—affecting Cisco AnyConnect Secure Mobility Client devices. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory… Read more

Original release date: December 7, 2020 The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. The NSA advisory… Read more

Original release date: December 7, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor… Read more

As hackers put a bullseye on healthcare, Threatpost spotlights how hospitals, researchers and patients have been affected and how the sector is bolstering their cyber defenses. Read more

In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security. Read more

The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. Read more

Desktop versions of the browser received a total of eight fixes, half rated high-severity. Read more

The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. Read more

Original release date: December 4, 2020 The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2020-17527 upgrade to the… Read more

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” Read more