+1.408.886.7177
The security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.
Cisco has released software updates to fix high priority vulnerabilities in multiple products.
Attackers could exploit these vulnerabilities to take control of an affected system.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
US NCAS: Cisco Releases Security Updates
Cisco Security Advisories
SonicWall has posted an urgent security alert warning customers of an “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.
The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”
System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.
Important links:
Sonicwall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment
VMware has patched a vulnerability in their VMware ESXi and Cloud Foundation products.
This vulnerability could be exploited by an attacker with network access to port 5989 to bypass SFCB authentication on an affected ESXi server.
Administrators should update immediately to avoid potential exploitation.
Read the full details here:
VMware ESXi updates address authentication and denial of service vulnerabilities
Solarwinds has released updates to address a critical remote code execution (RCE) vulnerability in their “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.
This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.
System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.
Important links:
Solarwinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability
Microsoft has released an out-of-band security update to fix a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.
This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.
System administrators are urged to disable the Print Spooler service and install the latest Windows updates as soon as possible.
Users should also update Windows as soon as possible to avoid potential exploitation.
Important links:
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
PrintNightmare Breakdown: Analysis and Remediation
Microsoft has released details of a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.
This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.
System administrators are urged to disable the Print Spooler service and install the June 2021 updates as soon as possible.
Important links:
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
CISA Offers New Mitigation for PrintNightmare Bug
VMware has patched a critical security vulnerability in Carbon Black App Control that could allow a remote attacker to take control of an affected system.
Administrators should update to version 8.6.2 immediately to avoid potential exploitation.
Read the full details here:
VMware Security Advisory VMSA-2021-0012
Cisco has released software updates to fix high priority vulnerabilities in multiple products.
Attackers could exploit these vulnerabilities to take control of an affected system.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
US NCAS: Cisco Releases Security Updates for Multiple Products
Cisco Security Advisories
Microsoft has released June 2021 security updates for Windows 10/8/7, Windows Server 2016/2012/2008, and SharePoint Server 2019/2016/2013.
These updates include 33 security fixes, including 5 fixes for critical security issues. Users should update as soon as possible to avoid potential exploitation.
System administrators should update servers as soon as possible to avoid potential exploitation.
Important links:
How to update Windows
June 2021 Security Updates (Release Notes)
Cisco has released software updates to apply fixes for a vulnerability in the Lasso SSO library.
Authenticated attackers could exploit this vulnerability to impersonate another user.
Administrators should apply updates immediately to avoid potential exploitation.
Important links:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
关注官方微信公众号
扫码关注
扫码关注
浙公网安备 33010602011788号