This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

Google Chrome Security Update Released (91.0.4472.101)

Wednesday, June 9, 2021

Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This update includes 14 security fixes.

One of the vulnerabilities is known to be exploited in the wild. Users are advised to update immediately to avoid potential exploitation.

Important links:
How to Update Google Chrome to the Latest Version
Google Chrome 91.0.4472.101 Release Notes

Windows Security Updates Released (June 2021)

Tuesday, June 8, 2021

Microsoft has released June 2021 security updates for Windows 10/8/7, Windows Server 2016/2012/2008, and SharePoint Server 2019/2016/2013.

These updates include 33 security fixes, including 5 fixes for critical security issues. Users should update as soon as possible to avoid potential exploitation.

System administrators should update servers as soon as possible to avoid potential exploitation.

Important links:
How to update Windows
June 2021 Security Updates (Release Notes)

Adobe Releases Critical Security Updates for Several Products

Tuesday, June 8, 2021

Adobe has released several security updates for their products, including Adobe Connect, Adobe Acrobat and Reader, Adobe Photoshop, Adobe Experience Manager, Adobe Creative Cloud Desktop Application, Adobe RoboHelp Server, Adobe Photoshop Elements, Adobe Premiere Elements, Adobe After Effects, and Adobe Animate.

Users should install any Adobe updates as soon as possible to prevent possible exploitation of these vulnerabilities.

Read the full details here:
Adobe Security Bulletins and Advisories

Android OS Security Update Released (2021-06-05)

Monday, June 7, 2021

Android devices should be updated to security patch levels of 2021-06-05 or later to address multiple critical and high severity vulnerabilities.

Important links:
How to check & update your Android version
Android Security Bulletin — June 2021

General Advisory: Several Recent Ransomware Attacks

Sunday, June 6, 2021

Ransomware is a form of malware designed to encrypt files on a device to render them unusable until a ransom is paid for a decryption key. Ransom DDoS attacks involve overwhelming public servers with large volumes of traffic to bring them offline until a ransom is paid.

Several recent ransomware attacks have made headlines, including attacks on JBS (a global meat processor), Colonial Pipeline (a top US fuel pipeline), CNA financial (a large US insurance company), and Bose (an audio electronics manufacturer).

Administrators are urged to review ransomware guidance, follow best practices for preventing ransomware attacks, ensure that data is backed up regularly, and create a continuity plan to follow in case a ransomware attack occurs.

Important resources: Ransomware Guidance and Resources Fact Sheet: Rising Ransomware Threat to Operational Technology Assets
FBI Ransomware Guidance

Important news:
Global meat processor JBS shuts part of operation to blunt cyberattack fallout
Three takeaways from the Colonial Pipeline attack
One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers
Bose Admits Ransomware Hit: Employee Data Accessed
Exchange Servers Targeted by ‘Epsilon Red’ Malware

MTA Systems in NYC Hacked Using Pulse Secure VPN Vulnerability

Thursday, June 3, 2021

Metropolitan Transportation Authority (MTA) systems in New York City were hacked using a vulnerability in Pulse Secure VPN. The hackers did not gain access to systems that control trains and the personal data of riders was not compromised.

Other news reports that 16 malware families from China are being used to infect Pulse Secure VPN appliances.

System administrators are urged to follow the “Forensics, Remediation, and Hardening Guidelines” in this article:
FireEye Blog: Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

Important news:
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances

Microsoft Edge Security Update Released (91.0.864.41)

Thursday, June 3, 2021

Microsoft Edge version 91.0.864.41 has been released. This update includes security fixes. Users should update as soon as possible to avoid potential exploitation.

Important links:
How to update Microsoft Edge web browser
Microsoft Edge Release Notes

Google Adds New Protections for Chrome Extensions and Downloads

Thursday, June 3, 2021

Google has added new protections to its Enhanced Safe Browsing feature. Warnings will now be shown when installing Chrome extensions that are not trusted, or when downloading a file that might be dangerous.

Installing a malicious Chrome extension or opening a dangerous file has the potential to infect your computer with malware.

Users are advised to enable Enhanced Safe Browsing, not install Chrome extensions showing a warning, and to scan downloaded files that might be dangerous when prompted by Chrome.

To enable Enhanced Safe Browsing, follow the steps here:
How to Turn on Enhanced Safe Browsing in Google Chrome

Read the full details here:
Google Blog: New protections for Enhanced Safe Browsing users in Chrome

Cisco Patches Lasso SAML Implementation Vulnerability Affecting Cisco Products

Tuesday, June 1, 2021

Cisco has released software updates to apply fixes for a vulnerability in the Lasso SSO library.

Authenticated attackers could exploit this vulnerability to impersonate another user.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

Firefox Security Update Released (89)

Tuesday, June 1, 2021

Mozilla has released Firefox version 89 for Windows, Mac, Linux, and Android. This update includes fixes for security issues. Users should update as soon as possible to avoid potential exploitation.

Important links:
How to update Firefox to the latest release
Firefox 89 Release Notes