The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.
Cybersecurity firm Qualys announced a "limited" number of their customers had been impacted by a data breach caused by an exploited Accellion FTA zero-day vulnerability on Qualys customer support systems.
Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019. Microsoft warned the vulnerabilities have been exploited in "limited targeted attacks."
Google has released a new Chrome 89 security update (89.0.4389.72) for Windows, Mac and Linux with fixes for multiple vulnerabilities, to include one zero-day vulnerability CVE-2021-21166 exploited in the wild.
Cisco has patched multiple Critical vulnerabilities in NX-OS and Application Services Engine products. An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
VMware has patched multiple vulnerabilities, to include one Critical vulnerability (CVE-2021-21972) that has exposed thousands of servers online.
The Mozilla Foundation has released Firefox 86 that includes a new feature for 'Total Cookie Protection,' along with security fixes for five High risk vulnerabilities.
SonicWall has released a new firmware update for SMA 100 Series 10.X And 9.X products. The latest update supersedes previous urgent patches that fixed a zero-day vulnerability CVE-2021-20016 earlier this month.
Cyber attackers have been exploiting Accellion File Transfer (FTA) appliance 0-day vulnerabilities to steal data and threaten their victims with extortion attempts.