CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities 03/31/2021 01:00 PM EDT Original release date: March 31, 2021 CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments… Continue reading CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome 03/31/2021 10:26 AM EDT Original release date: March 31, 2021 Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply… Continue reading Google Releases Security Updates for Chrome
VMware Releases Security Updates
VMware Releases Security Updates 03/31/2021 10:25 AM EDT Original release date: March 31, 2021 VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to… Continue reading VMware Releases Security Updates
Citrix Releases Security Updates for Hypervisor
Citrix Releases Security Updates for Hypervisor 03/31/2021 10:23 AM EDT Original release date: March 31, 2021 Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the… Continue reading Citrix Releases Security Updates for Hypervisor
Vulnerability Summary for the Week of March 22, 2021
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. 2021-03-22 7.5 CVE-2021-26295 MLIST CONFIRM MLIST MLIST MLIST apache — spamassassin In Apache SpamAssassin before 3.4.5, malicious… Continue reading Vulnerability Summary for the Week of March 22, 2021
Apple Releases Security Updates
Apple Releases Security Updates 03/26/2021 04:40 PM EDT Original release date: March 26, 2021 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products… Continue reading Apple Releases Security Updates
OpenSSL Releases Security Update
OpenSSL Releases Security Update 03/26/2021 11:27 AM EDT Original release date: March 26, 2021 OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. This product… Continue reading OpenSSL Releases Security Update
Samba Releases Security Updates
Samba Releases Security Updates 03/25/2021 11:32 AM EDT Original release date: March 25, 2021 The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements… Continue reading Samba Releases Security Updates
Cisco Releases Security Updates
You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available. Cisco Releases Security Updates 03/25/2021 11:30 AM EDT Original release date: March 25, 2021 Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could… Continue reading Cisco Releases Security Updates
Webshells Observed in Post-Compromised Exchange Servers
Webshells Observed in Post-Compromised Exchange Servers 03/25/2021 08:45 AM EDT Original release date: March 25, 2021 CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each new MAR (AR21-084A and AR21-084B) identifies a webshell observed in post-compromised Microsoft Exchange Servers. After successful exploiting a Microsoft Exchange Server… Continue reading Webshells Observed in Post-Compromised Exchange Servers