Author: DEFENDEDGE
-
Citrix Releases Security Update for ShareFile Storage Zones Controller
Original release date: August 10, 2021
Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. An attacker can exploit this vulnerability to obtain access to sensitive information. CISA recommends users and administrators review Citrix Security Bulletin CTX322787 and apply the necessary update. This product is provided subject to…
-
Microsoft Releases August 2021 Security Updates
Original release date: August 10, 2021
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s August 2021 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided…
-
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups.
-
Fuzz Off: How to Shake Up Code to Get It Right – Podcast
Is fuzzing for the cybersec elite, or should it be accessible to all software developers? FuzzCon panelists say join the party as they share fuzzing wins & fails.
-
‘Glowworm’ Attack Turns Power Light Flickers into Audio
Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings.
-
Auth Bypass Bug Exploited, Affecting Millions of Routers
A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks.
-
Vulnerability Summary for the Week of August 2, 2021
Original release date: August 9, 2021
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
basic_shopping_cart_project — basic_shopping_cart | A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. | 2021-07-30 | 7.5 | CVE-2021-34165 MISC
ectouch — ectouch | SQL Injection Vulnerability in…
-
Golang Cryptomining Worm Offers 15% Speed Boost
The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.
-
Amazon Kindle Vulnerable to Malicious EBooks
Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data.
-
Ivanti Releases Security Update for Pulse Connect Secure
Original release date: August 6, 2021
Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review Ivanti’s Security Advisory SA44858 and apply the necessary update. This product is provided subject to this Notification and…