Category: alerts

Original release date: November 16, 2021 The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information Read more

CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files. Read more

Original release date: November 15, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info airangel — hsmx-app-25_firmware Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. 2021-11-10 10 CVE-2021-40521 MISC MISC asgaros — asgaros_forum The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user Read more

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile. Read more

Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft. Read more

Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites. Read more

Original release date: November 12, 2021 VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update. This product is provided subject Read more

Original release date: November 12, 2021 CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result in denial-of-service or buffer-overflow conditions, which may lead to remote code execution Read more

BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities. Read more

Original release date: November 12, 2021 Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS (8.1.16 and earlier). An unauthenticated attacker with network access could exploit this vulnerability to take control Read more