Author: DEFENDEDGE
-
Vulnerability Summary for the Week of April 26, 2021
Original release date: May 3, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info avaya — session_border_controller_for_enterprise A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges.… Read more
-
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. Read more
-
F5 Big-IP Vulnerable to Security-Bypass Bug
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. Read more
-
Codecov Releases New Detections for Supply Chain Compromise
Original release date: April 30, 2021 CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021,… Read more
-
Samba Releases Security Updates
Original release date: April 30, 2021 The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for CVE-2021-20254 and apply the necessary updates… Read more
-
Multi-Gov Task Force Plans to Take Down the Ransomware Economy
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. Read more
-
CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities
Original release date: April 29, 2021 CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. CISA encourages users and administrators… Read more
-
Modern Phishing: A Hidden Threat in Plain Sight
Modern Phishing: A Hidden Threat in Plain Sight While it may come as a surprise to some, phishing is still a lucrative business for cybercriminals. Phishing is defined as the fraudulent practice of sending emails pretending to be from reputable companies in order to reveal personal information. In 2020 alone the FBI’s Internet Crime Report stated that phishing scams in the United… Read more
-
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. Read more
-
Linux Kernel Bug Opens Door to Wider Cyberattacks
The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices. Read more