Dieser neue Sicherheits-Feed ist eine Ressource für MSPs und IT-Profis, um über die neuesten Cybersicherheitsnachrichten und Schwachstellenwarnungen in Bezug auf Betriebssysteme, Browser, VPN und RDP auf dem Laufenden zu bleiben. Schützen Sie Ihr Unternehmen und Ihre Kunden mit aktuellen Sicherheitsnachrichten.

Cisco Patches Vulnerabilities in Several Products (August 2021)

Wednesday, August 18, 2021

Cisco has released software updates to fix multiple critical and high priority vulnerabilities in their products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories

SAP Releases Critical Security Updates for Several Products

Tuesday, August 10, 2021

SAP has released several security updates for their products to fix critical vulnerabilities that could be exploited to take control of a vulnerable system.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
SAP Security Patch Day – August 2021

Pulse Connect Secure VPN Patches Critical Vulnerabilities

Friday, August 6, 2021

Ivanti has released updates for Pulse Connect Secure to fix multiple critical vulnerabilities that can lead to complete system compromise.

System administrators are urged update immediately.

Read the full details here:
Out-of-Cycle Advisory: SA44858 – 9.1R12 Security Fixes

Cisco Patches Vulnerabilities in Multiple Products (August 2021)

Thursday, August 5, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of an “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
Sonicwall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

VMware Patches Vulnerability in VMware ESXi and Cloud Foundation

Tuesday, July 13, 2021

VMware has patched a vulnerability in their VMware ESXi and Cloud Foundation products.

This vulnerability could be exploited by an attacker with network access to port 5989 to bypass SFCB authentication on an affected ESXi server.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
VMware ESXi updates address authentication and denial of service vulnerabilities

Solarwinds Patches Critical Vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP

Friday, July 9, 2021

Solarwinds has released updates to address a critical remote code execution (RCE) vulnerability in their “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.

Important links:
Solarwinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability

Microsoft Patches “PrintNightmare” Print Spooler RCE Vulnerability

Tuesday, July 6, 2021

Microsoft has released an out-of-band security update to fix a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the latest Windows updates as soon as possible.

Users should also update Windows as soon as possible to avoid potential exploitation.

Important links:
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
PrintNightmare Breakdown: Analysis and Remediation

Windows “PrintNightmare” Print Spooler RCE Vulnerability

Thursday, July 1, 2021

Microsoft has released details of a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the June 2021 updates as soon as possible.

Important links:
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
CISA Offers New Mitigation for PrintNightmare Bug

VMware Patches Critical Vulnerability in Carbon Black App Control

Tuesday, June 22, 2021

VMware has patched a critical security vulnerability in Carbon Black App Control that could allow a remote attacker to take control of an affected system.

Administrators should update to version 8.6.2 immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0012

Subscribe to the Feed

RSS