Category: alerts
Category Added in a WPeMatico Campaign
-
Vulnerability Summary for the Week of August 30, 2021
Original release date: September 6, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info atlassian — confluence In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code Read more
-
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster. Read more
-
CISA Insights on Risk Considerations for Managed Service Provider Customers
Original release date: September 3, 2021 CISA has released a new CISA Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides Managed Service Provider (MSP) customers a framework for reducing risk. This framework is designed for government and private sector organizations of all sizes, and it suggests considerations for IT management planning, best Read more
-
Atlassian Releases Security Updates for Confluence Server and Data Center
Original release date: September 3, 2021 On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting Confluence Server and Data Center. Recently, CVE-2021-26084 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. CISA urges users Read more
-
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
The BrakTooth set of security vulnerabilities impacts at least 11 vendors’ chipsets. Read more
-
Cisco Releases Security Updates for Cisco Enterprise NFVIS
Original release date: September 2, 2021 Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages Read more
-
Google Play Sign-Ins Allow Covert Location-Tracking
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app. Read more
-
Cisco Patches Critical Authentication Bug With Public Exploit
There’s proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn’t seen any malicious exploit yet. Read more
-
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted
Users should be careful whose pics they view and should, of course, update their apps. Read more
-
Comcast RF Attack Leveraged Remotes for Surveillance
IoT vulnerabilities turn remote into listening device, researchers find, which impacted 18 million Xfinity customers. Read more