Vulnerability Summary for the Week of May 24, 2021

05/31/2021 08:14 AM EDT. Original release date: May 31, 2021. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). aioseo — all_in_one_seo: The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables …

Joint CISA-FBI Cybersecurity Advisory on Sophisticated Spearphishing Campaign

05/28/2021 05:52 PM EDT. Original release date: May 28, 2021. CISA and the Federal Bureau of Investigation (FBI) are responding to an ongoing spearphishing campaign targeting government organizations, intergovernmental organizations, and non-governmental organizations. A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact—a legitimate …

FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities

05/28/2021 03:40 PM EDT. Original release date: May 28, 2021. The Federal Bureau of Investigation (FBI) has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat (APT) actors exploiting known Fortinet FortiOS vulnerabilities. APT actors may …

Microsoft Announces New Campaign from NOBELIUM

05/27/2021 08:50 PM EDT. Original release date: May 27, 2021. The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. NOBELIUM was initially identified in November 2020, during an intrusion at a major …

Updates to Alert on Pulse Connect Secure

05/27/2021 06:41 PM EDT. Original release date: May 27, 2021. CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to include new threat actor techniques, tactics, and procedures (TTPs), indicators of compromise (IOCs), and updated mitigations. CISA encourages users and administrators to review AA21-110A and …

Drupal Releases Security Updates

05/27/2021 06:24 AM EDT. Original release date: May 27, 2021. Drupal has released security updates to address a vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-003 and apply the necessary …

VMware Releases Security Updates

05/26/2021 06:35 AM EDT. Original release date: May 26, 2021. VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory …

Google Releases Security Updates for Chrome

05/26/2021 06:37 AM EDT. Original release date: May 26, 2021. Google has released Chrome version 91.0.4472.77 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and …

Apple Releases Security Updates

05/25/2021 06:39 AM EDT. Original release date: May 25, 2021. Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products …

Vulnerability Summary for the Week of May 17, 2021

05/24/2021 07:05 AM EDT. Original release date: May 24, 2021. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). cars-seller-auto-classifieds-script_project — cars-seller-auto-classifieds-script: The request_list_request AJAX call of the Car Seller – Auto Classifieds Script WordPress plugin through 2.1.0, available to both …