+1.408.886.7177
This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.
Cisco has released software updates to fix multiple critical and high priority vulnerabilities in their products.
Attackers could exploit these vulnerabilities to take control of an affected system.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories
Ivanti has released updates for Pulse Connect Secure to fix multiple critical vulnerabilities that can lead to complete system compromise.
System administrators are urged update immediately.
Read the full details here:
Out-of-Cycle Advisory: SA44858 – 9.1R12 Security Fixes
Cisco has released software updates to fix high priority vulnerabilities in multiple products.
Attackers could exploit these vulnerabilities to take control of an affected system.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories
SonicWall has posted an urgent security alert warning customers of an “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.
The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”
System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.
Important links:
Sonicwall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment
Cisco has released software updates to fix high priority vulnerabilities in multiple products.
Attackers could exploit these vulnerabilities to take control of an affected system.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
US NCAS: Cisco Releases Security Updates for Multiple Products
Cisco Security Advisories
Metropolitan Transportation Authority (MTA) systems in New York City were hacked using a vulnerability in Pulse Secure VPN. The hackers did not gain access to systems that control trains and the personal data of riders was not compromised.
Other news reports that 16 malware families from China are being used to infect Pulse Secure VPN appliances.
System administrators are urged to follow the “Forensics, Remediation, and Hardening Guidelines” in this article:
FireEye Blog: Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
Important news:
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances
Cisco has released software updates to apply fixes for a vulnerability in the Lasso SSO library.
Authenticated attackers could exploit this vulnerability to impersonate another user.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
Pulse Secure released an advisory for Pulse Connect Secure with a workaround for a high priority vulnerability that allows a remote authenticated user with privileges to browse SMB shares and execute arbitrary code as the root user.
System administrators are urged to apply the workaround immediately and update to 9.1R11.5 when it is released in the future.
Read the full details here:
Pulse Secure VPNs Get Quick Fix for Critical RCE
Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability
Pulse Secure released updates for Pulse Connect Secure to fix multiple critical remote code execution (RCE) vulnerabilities that can lead to complete system compromise.
These vulnerabilities are known to be actively exploited in the wild. System administrators are urged update immediately.
Read the full details here:
Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4
Cisco has released software updates to fix a denial of service vulnerability that affects Cisco products using Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software that have a vulnerable AnyConnect VPN or WebVPN configuration.
Attackers could exploit this vulnerability to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.
Cisco devices should be updated immediately to avoid potential exploitation.
Read the full details here:
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability
关注官方微信公众号
扫码关注
扫码关注
浙公网安备 33010602011788号