Category: alerts

Original release date: November 17, 2021 CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC)  have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with… Read more

A politically motivated group is paralyzing Israeli entities with no financial goal — and no intention of handing over decryption keys. Read more

Original release date: November 16, 2021 The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information… Read more

CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files. Read more

Original release date: November 15, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info airangel — hsmx-app-25_firmware Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. 2021-11-10 10 CVE-2021-40521 MISC MISC asgaros — asgaros_forum The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user… Read more

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile. Read more

Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft. Read more

Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites. Read more

Original release date: November 12, 2021 VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update. This product is provided subject… Read more

Original release date: November 12, 2021 CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result in denial-of-service or buffer-overflow conditions, which may lead to remote code execution… Read more