Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, … [Read more...] about SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
Issues
Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously … [Read more...] about Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks
Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are … [Read more...] about Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks
Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities. The updates cover .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for … [Read more...] about Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack
Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF … [Read more...] about SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack
Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software … [Read more...] about Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend."A … [Read more...] about Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities.Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated … [Read more...] about Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products.Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks … [Read more...] about Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
Microsoft Releases Patches For A Critical ‘Wormable Flaw’ and 78 Other Issues
It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software.Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction.Out of 79 vulnerabilities, … [Read more...] about Microsoft Releases Patches For A Critical ‘Wormable Flaw’ and 78 Other Issues