This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

Cisco Patches Vulnerabilities in Several Products (August 2021)

Wednesday, August 18, 2021

Cisco has released software updates to fix multiple critical and high priority vulnerabilities in their products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories

Pulse Connect Secure VPN Patches Critical Vulnerabilities

Friday, August 6, 2021

Ivanti has released updates for Pulse Connect Secure to fix multiple critical vulnerabilities that can lead to complete system compromise.

System administrators are urged update immediately.

Read the full details here:
Out-of-Cycle Advisory: SA44858 – 9.1R12 Security Fixes

Cisco Patches Vulnerabilities in Multiple Products (August 2021)

Thursday, August 5, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of an “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
Sonicwall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

Cisco Patches Vulnerabilities in Multiple Products (June 2021)

Thursday, June 17, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates for Multiple Products
Cisco Security Advisories

MTA Systems in NYC Hacked Using Pulse Secure VPN Vulnerability

Thursday, June 3, 2021

Metropolitan Transportation Authority (MTA) systems in New York City were hacked using a vulnerability in Pulse Secure VPN. The hackers did not gain access to systems that control trains and the personal data of riders was not compromised.

Other news reports that 16 malware families from China are being used to infect Pulse Secure VPN appliances.

System administrators are urged to follow the “Forensics, Remediation, and Hardening Guidelines” in this article:
FireEye Blog: Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

Important news:
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances

Cisco Patches Lasso SAML Implementation Vulnerability Affecting Cisco Products

Tuesday, June 1, 2021

Cisco has released software updates to apply fixes for a vulnerability in the Lasso SSO library.

Authenticated attackers could exploit this vulnerability to impersonate another user.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

Pulse Connect Secure VPN Workaround Published for High Priority Vulnerability

Tuesday, May 25, 2021

Pulse Secure released an advisory for Pulse Connect Secure with a workaround for a high priority vulnerability that allows a remote authenticated user with privileges to browse SMB shares and execute arbitrary code as the root user.

System administrators are urged to apply the workaround immediately and update to 9.1R11.5 when it is released in the future.

Read the full details here:
Pulse Secure VPNs Get Quick Fix for Critical RCE
Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability

Pulse Connect Secure VPN Patches Critical RCE Vulnerabilities

Monday, May 3, 2021

Pulse Secure released updates for Pulse Connect Secure to fix multiple critical remote code execution (RCE) vulnerabilities that can lead to complete system compromise.

These vulnerabilities are known to be actively exploited in the wild. System administrators are urged update immediately.

Read the full details here:
Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4

Cisco Patches DoS Vulnerability for ASA and FTD VPN Software

Wednesday, April 28, 2021

Cisco has released software updates to fix a denial of service vulnerability that affects Cisco products using Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software that have a vulnerable AnyConnect VPN or WebVPN configuration.

Attackers could exploit this vulnerability to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco devices should be updated immediately to avoid potential exploitation.

Read the full details here:
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability

Subscribe to the Feed

RSS

Categories

All
General Advisories
(17)
News
(10)
Splashtop
(22)
Security Blog
(20)
Security News
(2)
IT Security Updates
(56)
VPN (Virtual Private Network)
(13)
RDP (Remote Desktop Protocol)
(3)
Networking (Routers, Switches)
(14)
Servers
(42)
Platform Security Updates
(137)
Web Browsers
(76)
Windows
(20)
MacOS
(15)
iOS
(16)
Android
(7)
Software
(9)