NAME:WRECK vulnerabilities can break DNS implementations in TCP/IP stacks

Security researchers have discovered nine vulnerabilities, collectively dubbed NAME:WRECK, that can break DNS implementations in TCP/IP stacks and lead to denial of service or remote code execution. The experts also provided guidelines to organizations on how to fix the issues.

Juniper patches multiple vulnerabilities in Junos OS and other products (April 2021)

Juniper Networks has released security advisories to fix many vulnerabilities in Junos OS, EX4300, PTX Series, QFX Series, SRX Series network devices and multiple other products.

Cisco patches vulnerabilities in SD-WAN, Small Business routers and other products

Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.

Critical F5 BIG-IP vulnerability (CVE-2021-22986) under active attack

Security researchers are warning of mass scans and active exploits of a Critical vulnerability on F5 BIG-IP and BIG-IQ infrastructure. F5 patched the Critical remote code execution vulnerability CVE-2021-22986 nearly two weeks ago when the networking company confirmed an unauthenticated attacker could exploit the vulnerability.

3 good examples of how to apply the Zero Trust Security Model

The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will occur or have already occurred.

SonicWall releases new firmware updates for SMA 100 Series 10.X And 9.X products

SonicWall has released a new firmware update for SMA 100 Series 10.X and 9.X products. The latest update supersedes previous urgent patches that fixed a zero-day vulnerability, CVE-2021-20016, earlier this month.

Cisco patches AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366)

Cisco has patched a Cisco AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366). An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
