DefendEdge Logo
Categories
alerts

Cisco SD-WAN Security Bug Allows Root Code Execution

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
Categories
alerts

GPS Daemon (GPSD) Rollover Bug

Original release date: October 21, 2021

Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021). 
 
On October 24, 2021, Network Time Protocol (NTP) servers using bugged GPSD versions 3.20-3.22 may rollback the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive.  
 
CISA urges affected CI owners and operators to ensure systems—that use GPSD to obtain timing information from GPS devices—are using GPSD version 3.23 (released August 8, 2021) or newer.
 
For more information, see Keeping Track of Time: Network Time Protocol and a GPSD Bug.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said.
Categories
alerts

Cisco Releases Security Updates for IOS XE SD-WAN Software

Original release date: October 21, 2021

Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-sd-wan-rhpbE34A and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

Why is Cybersecurity Failing Against Ransomware?

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
Categories
alerts

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.
Categories
alerts

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.
Categories
alerts

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.
Categories
alerts

Oracle Releases October 2021 Critical Patch Update

Original release date: October 19, 2021

Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Oracle October 2021 Critical Patch Update and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

Time to Build Accountability Back into Cybersecurity

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses.

For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com