Mozilla patches local privilege escalation vulnerability in Mozilla VPN
The Mozilla Foundation has patched a High risk local privilege escalation vulnerability in Mozilla VPN.
VPN
Cisco releases Critical security update for multiple vulnerabilities in Small Business RV Routers
Cisco has released a Critical security update for multiple vulnerabilities in Small Business RV Routers. Several of those vulnerabilities are rated Critical severity and have the highest rated CVSS score of 10.0.
FBI alert: APT actors exploit 0-Day FatPipe VPN vulnerabilities
The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.
Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities
Iranian state-sponsored advanced persistent threat (APT) actors have been targeting and exploiting Microsoft Exchange and Fortinet vulnerabilities.
Palo Alto Networks fixes Critical PAN-OS vulnerability (CVE-2021-3064)
Palo Alto Networks has fixed a Critical PAN-OS vulnerability (CVE-2021-3064) in GlobalProtect Portal and Gateway Interfaces.
Citrix addresses Critical DoS vulnerability in ADC and Citrix Gateway products
Citrix has addressed a Critical unauthenticated denial of service (DoS) vulnerability CVE-2021-22955 in ADC and Citrix Gateway products.
NSA and CISA release guidance on securing remote access VPNs
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet selecting and securing remote access VPNs.
Threat actors breach South Korean atomic research institute via VPN vulnerability
Threat actors from suspected North Korea APT group Kimsuky breached a South Korean atomic research institute via a VPN vulnerability.
SonicWall releases new firmware updates for SMA 100 Series 10.X And 9.X products
SonicWall has released a new firmware update for SMA 100 Series 10.X And 9.X products. The latest update supersedes previous urgent patches that fixed a zero-day vulnerability CVE-2021-20016 earlier this month.
FBI: Cyber criminals target employee credentials via voice phishing attacks
The FBI issued a private industry notification of cyber criminals targeting employee credentials via voice phishing or “vishing” attacks.