Author: DEFENDEDGE

  • Adobe Releases Multiple Security Updates

    Original release date: August 18, 2021 Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: APSB21-60 Captivate APSB21-65 XMP Toolkit SDK APSB21-68… Read more

  • Unpatched Fortinet Bug Allows Firewall Takeovers

    The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month. Read more

  • Kerberos Authentication Spoofing: Don’t Bypass the Spec

    Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. Read more

  • Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

    A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. Read more

  • BadAlloc Vulnerability Affecting Devices Incorporating Older BlackBerry QNX Products

    Original release date: August 17, 2021 CISA released an Alert today on devices incorporating older versions of multiple BlackBerry QNX products affected by a BadAlloc vulnerability. A malicious actor could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition.  Because devices incorporating older versions of BlackBerry QNX products support… Read more

  • CISA Releases Security Advisory for ThroughTek Kalay P2P SDK

    Original release date: August 17, 2021 CISA has released an Industrial Control Systems (ICS) advisory detailing a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK). A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the ICS Advisory: ICSA-21-229-01 ThroughTek… Read more

  • AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

    Original release date: August 17, 2021 Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code… Read more

  • Apple Releases Security Update

    Original release date: August 17, 2021 Apple has released a security update to address vulnerabilities in iCloud for Windows 12.5. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. This product is provided subject to this… Read more

  • Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

    Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets. Read more

  • XSS Bug in SEOPress WordPress Plugin Allows Site Takeover

    The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites. Read more