Vulnerabilities & Exploits Archives - Page 51 of 106

Cisco patches High risk vulnerabilities in Small Business routers and other products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 15, 2021 / AnyConnect, Cisco, CMX, CVE-2021-1144, CVE-2021-1146, CVE-2021-1147, CVE-2021-1148, CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1237, PSIRT, Router, Small Business

Cisco has patched multiple vulnerabilities in Small Business routers, Cisco Connected Mobile Experiences (CMX) and AnyConnect products.

Cisco patches High risk vulnerabilities in Small Business routers and other products Read More »

Adobe releases security updates for Photoshop, Illustrator and other products

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 14, 2021 / Adobe, Animate, Bridge, CVE-2021-21006, Illustrator, InCopy, Photoshop

Adobe has released security updates to address vulnerabilities in Adobe Photoshop, Illustrator, Bridge and multiple other products.

Adobe releases security updates for Photoshop, Illustrator and other products Read More »

Microsoft January 2021 Security Updates (to include zero-day RCE patch)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 13, 2021 / .NET, ASP.NET, Azure, CVE-2021-1643, CVE-2021-1647, CVE-2021-1658, CVE-2021-1660, CVE-2021-1665, CVE-2021-1666, CVE-2021-1667, CVE-2021-1668, CVE-2021-1673, CVE-2021-1705, Edge, Malware Protection Engine, Microsoft Edge, Microsoft Office, Microsoft Windows, SQL Server, Visual Studio, Windows

Microsoft has released the January 2021 Security updates that includes patches for 83 vulnerabilities, 10 of those rated Critical and 1 zero-day RCE vulnerability CVE-2021-1647 in Microsoft Defender.

Microsoft January 2021 Security Updates (to include zero-day RCE patch) Read More »

High risk vulnerability in Zyxel firewalls and AP controllers exploited in the wild

Authentication, Network Security, Vulnerabilities & Exploits / Frank Crast / January 11, 2021 / CVE-2020-29583, Firewall, VPN, ZyXEL

Security experts have warned about a high risk hardcoded credential vulnerability in Zyxel firewalls and AP controllers. Some sources have confirmed that bad actors have already ramped up exploits against the vulnerability.

High risk vulnerability in Zyxel firewalls and AP controllers exploited in the wild Read More »

NSA: New guidance to eliminate obsolete TLS protocols

Authentication, Configuration Management, Cryptography, Cybersecurity Articles, Vulnerabilities & Exploits / Frank Crast / January 9, 2021 / CNSA, DES, DHE, ECDH, ECDH/ECDHE, encryption, IDEA, NIST SP 800-52, NSA, NULL, RC2, RC4, SSL, TDES/3DES, TLS, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

NSA: New guidance to eliminate obsolete TLS protocols Read More »

Mozilla releases Firefox 84.0.2, fix for critical vulnerability (CVE-2020-16044)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 7, 2021 / CVE-2020-16044, Firefox, Firefox 84, Mozilla

The Mozilla Foundation has released Firefox 84.0.2 that includes a security fix for a Critical vulnerability CVE-2020-16044. An attacker could exploit the vulnerability to take control of impacted systems. As part of Mozilla Foundation Security Advisory 2021-01, Firefox 84.0.2 patched a Critical ‘Use-after-free write’ vulnerability CVE-2020-16044. According to Mozilla, “a malicious peer could have modified a COOKIE-ECHO chunk

Mozilla releases Firefox 84.0.2, fix for critical vulnerability (CVE-2020-16044) Read More »

Google releases Chrome security update (87.0.4280.141)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 7, 2021 / Chrome, Chrome 87, CVE-2020-15995, CVE-2020-16043, CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2021-21114, CVE-2021-21115

Google has released Chrome 87 security update (87.0.4280.141) for Windows, Mac and Linux with fixes for 16 vulnerabilities. The tech giant also released a Chrome browser update for Android.

Google releases Chrome security update (87.0.4280.141) Read More »

QNAP fixes Command Injection vulnerability in QTS and QuTS hero

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 31, 2020 / Command Injection, CVE-2020-25847, NAS, QNAP, QSnatch, QTS, QuTS, storage, Vulnerabilities

QNAP has fixed a High severity Command Injection vulnerability CVE-2020-25847 in QTS and QuTS hero.

QNAP fixes Command Injection vulnerability in QTS and QuTS hero Read More »

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Cloud Security, Configuration Management, Cybersecurity Attacks, Data Breach, Malware, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / December 19, 2020 / APT, CISA, Cisco, Emergency Directive, Equifax, FireEye, Microsoft, NNSA, NSA, Nuclear, SolarWinds, Sunburst, Supply Chain, Symantec, Teardrop, UNC2452

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated) Read More »

Mozilla releases Firefox 84, fixes for 1 Critical and 6 High risk vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 16, 2020 / BigInt, browser, CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26973, CVE-2020-26974, CVE-2020-35113, CVE-2020-35114, Firefox, Firefox 84, Mozilla

Mozilla releases Firefox 84, fixes for 1 Critical and 6 High risk vulnerabilities

Mozilla releases Firefox 84, fixes for 1 Critical and 6 High risk vulnerabilities Read More »