Month: June 2021

Original release date: June 30, 2021 The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote code execution vulnerability in the Windows Print spooler service, noting: “while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does not address the public exploits that also identify as… Read more

Original release date: June 30, 2021 CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control… Read more

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. Read more

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability. Read more

The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code execution attacks. Read more

The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. Read more

Original release date: June 29, 2021 In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced  the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions. While extensive guidance on cybersecurity “best practices” exists,… Read more

Disclosure of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – were released. Read more

A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion. Read more

Original release date: June 28, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — nuttx Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior… Read more