LINK Apple has released numerous security updates for their products.
VMWare releases numerous Critical Updates
LINK The products impacted are VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation), so update if you have them.
Netgear fixes numerous RCE’s in multiple routers
LINK Time to examine if you are affected and update the devices.
MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
This Advisory is letting users of Apple products know it’s time to upgrade to the latest versions of Apple operating systems to address vulnerabilities found in pervious Apple operating systems. Details below. Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. iOS is a mobile […]
OMIGOD Vulnerability attacks are increasing
LINK OMIGOD (CVE-2021-38647) is a vulnerability in the Azure deployed virtual machines running Linux. Make sure to update if you have Azure Linux machines. Many of the scans are coming on ports 5986 and 1270
Apache OpenOffice is currently impacted by a remote code execution flaw
LINK A new RCE (CVE-2021-33035) in Apache OpenOffice was found. As of writing this there was no fix but one was coming.
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. Click the LINK for more Information.
Breach Announcements – September 20, 2021
TTEC (technology company) – ransomware Epik (Domain Registrar) – unspecified attack Republican Governors Association Email server – exchange breach EventBuilder (Event Management) – user information exposed in Azure NEW Cooperative (US Farmers Coop) – Blackmatter ransomware Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously […]
Weekly CISA – Vulnerability Summary for the Week of September 13, 2021
LINK
Researchers put together a list of vulnerabilities abused by Ransomware – Look for these immediately
LINK To make it easy, I pulled it and created a simple txt list you can use. These are the some of the initial access methods. Pulse Secure VPNCVE-2021-22893CVE-2020-8260CVE-2020-8243CVE-2019-11539CVE-2019-11510 CitrixCVE-2020-8196CVE-2020-8195CVE-2019-19781CVE-2019-11634 Microsoft ExchangeCVE-2021-34523CVE-2021-34473CVE-2021-31207CVE-2021-26855 FortinetCVE-2020-12812CVE-2019-5591CVE-2018-13379 SonicWallCVE-2021-20016CVE-2020-5135CVE-2019-7481 F5CVE-2021-22986CVE-2020-5902 Palo AltoCVE-2020-2021CVE-2019-1579 QNAPCVE-2021-28799CVE-2020-36198 SophosCVE-2020-12271 SharePointCVE-2019-0604 Microsoft WindowsCVE-2019-0708CVE-2020-1472CVE-2021-31166CVE-2021-36942 Microsoft OfficeCVE-2017-0199CVE-2017-11882CVE-2021-40444 vCenterCVE-2021-21985 AccellionCVE-2021-27101CVE-2021-27104CVE-2021-27102CVE-2021-27103 FileZenCVE-2021-20655 AtlassianCVE-2021-26084 Zoho CorpCVE-2021-40539 Microsoft AzureCVE-2021-38647