Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s November 2021 Security Update Summary and Deployment Information and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Citrix Releases Security Updates
Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
CISA encourages users and administrators to review Citrix Security Bulletin CTX330728Â and apply the necessary updates as soon as possible.
This product is provided subject to this Notification and this Privacy & Use policy.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the SAP Security Notes for November 2021 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems (RTOS) and supporting libraries. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review ICS Advisory: ICSA-21-313-03 Siemens Nucleus RTOS TCP/IP Stack for more information and apply the necessary mitigations.
This product is provided subject to this Notification and this Privacy & Use policy.
On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against ManageEngine ADSelfService Plus. Â
CISA encourages organizations to review the indicators of compromise and other technical details in the following reports to uncover any malicious activity within their networks.
- Palo Alto Networks: Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
- MSTIC: Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
This product is provided subject to this Notification and this Privacy & Use policy.