Author: DEFENDEDGE

  • Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

    Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors. Read more

  • Microsoft Releases November 2021 Security Updates

    Original release date: November 9, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2021 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided… Read more

  • Citrix Releases Security Updates

    Original release date: November 9, 2021 Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Bulletin CTX330728 and apply the necessary updates as soon… Read more

  • 12 New Flaws Used in Ransomware Attacks in Q3

    The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021. Read more

  • SAP Releases November 2021 Security Updates

    Original release date: November 9, 2021 SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for November 2021 and apply the necessary updates. This product is provided… Read more

  • CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems

    Original release date: November 9, 2021 CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems (RTOS) and supporting libraries. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review ICS Advisory: ICSA-21-313-03… Read more

  • Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus

    Original release date: November 9, 2021 On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against ManageEngine ADSelfService Plus.   CISA encourages organizations to review… Read more

  • Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

    Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks. Read more

  • Zoho Password Manager Flaw Torched by Godzilla Webshell

    A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and… Read more

  • Vulnerability Summary for the Week of November 1, 2021

    Original release date: November 8, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info aaptjs_project — aaptjs An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. 2021-10-31 7.5 CVE-2020-36380 MISC aaptjs_project — aaptjs An issue… Read more