LINK As stated above, if you have Firefox or Thunderbird, upgrade now.
Tag: securitythreatnews
Apache Releases Important Tomcat Update
LINK Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer-encoding header if the client declared it would only accept an HTTP/1.0 response; Tomcat honoured the identity encoding; and Tomcat did not ensure that, if present, the […]
Citrix Releases New Update
LINK A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
Mitsubishi Electric patches vulnerabilities in AC systems
LINK Mitsubishi Electric released some new updates for AC systems. Take a look if you have them.
Serv-U Remote Memory Escape Vulnerability
LINK SolarWinds Serv-U FTP software has been found to have a remote memory escape vulnerability. If you use Serv-U, it is time to update it.
Breach Announcements – July 9, 2021
City of Joplin, Missouri – unspecified security event; CNA (insurance) – ransomware. Above is a list of companies I have information for that have confirmed some sort of breach (it's obviously not complete since most never report anything, just what I hear about). Note: This is going to be a new type of post – will […]
Microsoft releases comments on PrintNightmare updates – Details in Post here
LINK Essentially, they are saying the patch was released as it was meant to be installed, but additional action is required where registry changes have set Point and Print to an insecure configuration. In ALL cases, apply the CVE-2021-34527 security update. The update will not change existing registry settings. After applying the security update, review the registry settings […]
Crowdsourced ransomware payment tracker opened
LINK This is simply a very interesting endeavor, and I would like to see how it evolves.
Breach Announcements – July 8, 2021
Morgan Stanley (brokerage firm) – Accellion FTA breach including PII. Above is a list of companies I have information for that have confirmed some sort of breach (it's obviously not complete since most never report anything, just what I hear about). Note: This is going to be a new type of post – will only happen […]
CISA releases infographic for Risk and Vulnerability Assessments (RVAs) mapped to MITRE ATT&CK Framework
LINK Very interesting, take a look.