QNAP Systems, Inc. (QNAP) issued a statement strongly urging users to immediately update and run malware scans on QNAP NAS devices after recent reports of ransomware attacks involving Qlocker and eCh0raix.
Security researchers have discovered nine vulnerabilities collectively dubbed NAME:WRECK than can break DNS implementations in TCP/IP stacks and lead to denial of service or remote code execution. The experts also provided guidelines to organization on how to fix the issues.
Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS, EX4300, PTX Series, QFX Series, SRX Series network devices and multiple other products.
Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.
Security researchers are warning of mass scans and active exploits of a Critical vulnerability on F5 BIG-IP and BIG-IQ infrastructure. F5 patched the Critical remote code execution vulnerability CVE-2021-22986 nearly two weeks ago when the networking company confirmed an unauthenticated attacker could exploit the vulnerability.
F5 has patched two Critical remote code execution (RCE) and another two buffer overflow vulnerabilities that impact BIG-IP and BIG-IQ devices. Moreover, the security firm also addressed two other High severity bugs and one Medium severity flaw.
The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.
Cisco has patched multiple Critical vulnerabilities in NX-OS and Application Services Engine products. An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
SonicWall has released a new firmware update for SMA 100 Series 10.X And 9.X products. The latest update supersedes previous urgent patches that fixed a zero-day vulnerability CVE-2021-20016 earlier this month.
Cisco has patched a Cisco AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366). An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.