Category: alerts

Original release date: September 14, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review Microsoft’s September 2021 Security Update Summary and Deployment Information and apply the necessary updates.… Read more

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. Read more

Original release date: September 14, 2021 The New Zealand Computer Emergency Response Team (CERT NZ) has released a guide on ransomware protection for businesses. The guide includes a pair of helpful diagrams that outline different ransomware attack pathways and illustrate where relevant security controls can work to protect or stop an attack.   CISA encourages… Read more

Imperva’s Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. Read more

Original release date: September 13, 2021 Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products.  An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the… Read more

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches. Read more

Original release date: September 13, 2021 Apple has released security updates to address vulnerabilities—CVE-2021-30860, CVE-2021-30858—in iOS and iPadOS. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the… Read more

The security vulnerability can be exploited with a malicious CSV file. Read more

Original release date: September 13, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adaptivescale — lxdui A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. 2021-09-03 10 CVE-2021-40494 MISC arubanetworks — arubaos A remote… Read more

Original release date: September 13, 2021 CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation: Oct. 6 – Assembly Required: The Pieces of the Vulnerability Management… Read more