Author: DEFENDEDGE
-
An American company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.
The Russia-based agency behind last year’s massive SolarWinds cyberattack has tried to hack another 140 tech companies, its latest intrusion into US cyber infrastructure. Microsoft says that Nobelium’s latest hack targeted ‘resellers and other technology service providers that customize, deploy and manage cloud services.’ Fourteen firms successfully had their defenses breached, although they haven’t been… Read more
-
VMware Releases Security Update for Tanzu Application Service for VMs
Original release date: November 12, 2021 VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update. This product is provided subject… Read more
-
CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
Original release date: November 12, 2021 CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result in denial-of-service or buffer-overflow conditions, which may lead to remote code execution… Read more
-
Millions of Routers, IoT Devices at Risk from New Open-Source Malware
BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities. Read more
-
Palo Alto Networks Release Security Updates for PAN-OS
Original release date: November 12, 2021 Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS (8.1.16 and earlier). An unauthenticated attacker with network access could exploit this vulnerability to take control… Read more
-
Back-to-Back PlayStation 5 Hacks Hit on the Same Day
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices. Read more
-
VMware Releases Security Advisory
Original release date: November 11, 2021 VMware has released a security advisory to address a privilege escalation vulnerability in vCenter Server and Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0025 and apply the necessary workaround. This… Read more
-
Apple Releases Security Update for iCloud for Windows 13
Original release date: November 11, 2021 Apple has released a security update to address multiple vulnerabilities in iCloud for Windows 13. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security page and apply the necessary update. This product is provided… Read more
-
Critical Citrix Bug Shuts Down Network, Cloud App Access
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances. Read more
-
Massive Zero Day Hole Found in Palo Alto Security Appliances
Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls. Read more