Author: DEFENDEDGE

Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on. Read more

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. Read more

Microsoft alerted the company to a security vulnerability in its Serv-U Managed File Transfer and Secure FTP products that a cyberattacker is using to target a “limited” amount of customers. Read more

Original release date: July 12, 2021 Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers. CISA strongly urges Kaseya customers closely follow the instructions detailed in the Kaseya security notice and contact Kaseya should they require implementation assistance. Note: the Kaseya security… Read more

The attacks are enabled by an unpatched security vulnerability in ForgeRock’s Access Management, a popular platform that front-ends web apps and remote-access setups. Read more

Original release date: July 12, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info artware_cms_project — artware_cms ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.… Read more

The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers. Read more

Original release date: July 12, 2021 Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability… Read more

The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. Read more

Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it. Read more