This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

Windows Security Updates Released (April 2021)

Tuesday, April 13, 2021

Microsoft has released April 2021 security updates for Windows 10/8/7, Windows Server 2012/2008, Microsoft Exchange Server 2019/2016/2013, and SharePoint Server 2019.

These updates include 40 security fixes. Users should update as soon as possible to avoid potential exploitation.

System administrators should update servers immediately to mitigate newly disclosed Microsoft Exchange vulnerabilities.

Important links:
How to update Windows
April 2021 Security Updates (Release Notes)

VMware Patches Critical Vulnerability in Carbon Black Cloud Workflow

Thursday, April 1, 2021

VMware has patched a critical security vulnerability in Carbon Black Cloud Workflow that could allow a remote attacker to take control of an affected system.

Administrators should update to version 1.0.2 immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0005

The Samba Team Patches Critical Vulnerabilities in Samba Software

Wednesday, March 24, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Read the full details here:
Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases

Adobe Patches Critical Vulnerabilities in ColdFusion

Monday, March 22, 2021

Adobe has patched a critical vulnerability in ColdFusion that could be exploited to take control of a vulnerable system.

ColdFusion software should be updated immediately to avoid potential exploitation.

Read the full details here:
Adobe Security Bulletin APSB21-16: Security updates available for Adobe ColdFusion

General Advisory: Microsoft Releases One-Click Mitigation Tool for Critical On-Premises Exchange Vulnerabilities

Monday, March 15, 2021

Microsoft has released a one-click mitigation tool as an interim mitigation for on-premises exchange vulnerabilities. It’s designed to prevent attacks for servers that have not yet applied the on-premises exchange security updates.

The on-premises exchange vulnerabilities are being exploited in the wild at an alarming rate, causing CISA to issue an emergency directive on March 3rd, 2021.

Attackers can gain persistent system access and control of an enterprise network without authenticating, and are known to install malware on compromised systems.

Any on-premises exchange servers should run the mitigation tool immediately to prevent exploitation of these vulnerabilities and then apply security updates as soon as possible.

Read the full details here:
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021

F5 Patches Critical Vulnerabilities in BIG-IP and BIG-IQ

Wednesday, March 10, 2021

F5 announced patches for BIG-IP and BIG-IQ to fix 4 critical vulnerabilities that can lead to complete system compromise.

Attackers are known to be exploiting these vulnerabilities in the wild, so system administrators are urged to update BIG-IP and BIG-IQ as soon as possible.

Read the full details here:
Overview of F5 vulnerabilities (March 2021)
BIG-IP update and upgrade guide
Upgrading ELA BIG-IP VE through BIG-IQ License manager
Frequently asked questions for upgrade and update videos

Windows Security Updates Released (March 2021)

Tuesday, March 9, 2021

Microsoft has released March 2021 security updates for Windows 10/8/7 and Windows Server 2012/2008. These updates include 44 security fixes. Users should update as soon as possible to avoid potential exploitation.

Important links:
How to update Windows
March 2021 Security Updates (Release Notes)

Android OS Security Update Released (2021-03-05)

Monday, March 1, 2021

Android devices should be updated to security patch levels of 2021-03-05 or later to address multiple critical and high severity vulnerabilities.

Important links:
How to check & update your Android version
Android Security Bulletin — March 2021

Cisco Patches Critical Vulnerability in NX-OS Software

Wednesday, February 24, 2021

Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode be updated immediately to avoid potential exploitation.

Read the full details here:
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability

General Advisory: Massive increase in RDP attack attempts during 2020

Monday, February 8, 2021

Between Q1 and Q4 2020, ESET telemetry recorded a staggering 768% increase in RDP attack attempts.

Read the full details here:
ESET issues its Q4 2020 Threat Report recording a massive increase in RDP attack attempts since Q1

Email Alerts