Cisco patches vulnerabilities in HyperFlex HX, SD-WAN and other products
Cisco has patched multiple vulnerabilities in HyperFlex HX, Cisco SD-WAN, Small Business routers and other network products. Two of the advisories are rated Critical.
Network Security
Securezoo Cybersecurity Threat Center blog posts regarding Network Security.
Another 3 Pulse Connect Secure Critical vulnerabilities discovered
Ivanti has discovered three new Pulse Connect Secure (PCS) Critical vulnerabilities CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900, nearly two weeks after reported active exploits against other PCS vulnerabilities.
F5 Big-IP KDC spoofing vulnerability (CVE-2021-23008)
Security researchers have discovered a KDC Spoofing Vulnerability in F5 Big-IP CVE-2021-23008. As a result, an attacker could could exploit the vulnerability to bypass authentication and take control of impacted systems.
Alert: Attackers exploiting Pulse Connect Secure vulnerabilities (updated)
CISA warned attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.
“BadAlloc” vulnerabilities impact broad range of IoT and OT devices
Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed “BadAlloc” that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.
New Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new analysis report on Supernova malware used in a cyberattack and long term compromise of an entity’s network and SolarWinds systems.
SonicWall Email Security zero-day vulnerabilities
SonicWall has released urgent patches for Critical Email Security product zero-day vulnerabilities CVE-2021-20021, CVE-2021-20022 and CVE-2021-20023.
Alert: Qlocker and eCh0raix ransomware attacks against QNAP NAS devices
QNAP Systems, Inc. (QNAP) issued a statement strongly urging users to immediately update and run malware scans on QNAP NAS devices after recent reports of ransomware attacks involving Qlocker and eCh0raix.
NAME:WRECK vulnerabilities can break DNS implementations in TCP/IP stacks
Security researchers have discovered nine vulnerabilities collectively dubbed NAME:WRECK than can break DNS implementations in TCP/IP stacks and lead to denial of service or remote code execution. The experts also provided guidelines to organization on how to fix the issues.
Juniper patches multiple vulnerabilities in Junos OS and other products (April 2021)
Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS, EX4300, PTX Series, QFX Series, SRX Series network devices and multiple other products.