Author: DEFENDEDGE
-
Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
Original release date: August 21, 2021 Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all… Read more
-
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks. Read more
-
A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
The Texas-based company, SolarWinds, that became the epicenter of a massive supply chain attack late last year has issued patches to contain a remote code execution flaw. These changes were brought on by the Microsoft notification to the IT management and remote monitoring software maker that the flaw was being exploited in the wild. SolarWinds… Read more
-
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. Read more
-
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life. Read more
-
Windows EoP Bug Detailed by Google Project Zero
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention. Read more
-
ISC Releases Security Advisory for BIND
Original release date: August 19, 2021 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the… Read more
-
Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems. Read more
-
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks
The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices. Read more
-
Mozilla Releases Security Updates
Original release date: August 18, 2021 Mozilla has released security updates to address vulnerabilities in Firefox 91.0.1 and Thunderbird 91.0.1. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory 2021-37 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Read more