Vulnerability Summary for the Week of November 22, 2021

11/29/2021 07:00 AM EST. Original release date: November 29, 2021. High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info). 4mosan — gcb_doctor: 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication …

VMware Releases Security Updates

11/24/2021 11:58 AM EST. Original release date: November 24, 2021. VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker can exploit this vulnerability to obtain access to sensitive information. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0027 and apply …

CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

11/24/2021 12:00 PM EST. Original release date: November 24, 2021. CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. The CEG: Mobile Device Cybersecurity Checklist for Consumers provides steps for consumers, including using …

Vulnerability Summary for the Week of November 15, 2021

11/22/2021 07:03 AM EST. Original release date: November 22, 2021. High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info). adobe — after_effects: Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of …

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

11/22/2021 10:00 AM EST. Original release date: November 22, 2021. As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be …

Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

11/19/2021 04:04 PM EST. Original release date: November 19, 2021. The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in …

NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures

11/19/2021 01:44 PM EST. Original release date: November 19, 2021. CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G …

Drupal Releases Security Updates

11/18/2021 11:21 AM EST. Original release date: November 18, 2021. Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-011 and …

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities

11/17/2021 09:00 AM EST. Original release date: November 17, 2021. CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an …

Google Releases Security Updates for Chrome

11/16/2021 10:11 AM EST. Original release date: November 16, 2021. Google has released Chrome version 96.0.4664.45 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and …