Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 15 - 21. Sign up to get these updates right to your inbox!

AUGUST 21, 2021

ProxyShell

CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207 are vulnerabilities that an attacker could use to send arbitrary code on an affected machine. Microsoft’s May list of updates should protect against these vulnerabilities.

Sources: us-cert.cisa.gov

AUGUST 19, 2021

Cisco

Cisco has released seven security updates to address vulnerabilities that lead to allowing an attacker to take control of affected systems.

Sources: us-cert.cisa.gov

BIND

The Internet Systems Consortium (ISC) has released a security advisory that refers to a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND), which would cause a denial-of-service condition.

Sources: kb.isc.org

AUGUST 18, 2021

Kalay

CISA has released an Industrial Control Systems (ICS) advisory for a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK). Some Internet of Things (IoT) devices are at risk of having their privacy invaded. Through the vulnerability, an attacker could take control of an affected system.

Sources: techxplore.com

CISA

CISA has released a document about how to protect against ransomware data breaches so organizations can reduce their risk to attacks and protect their information better.

Sources: us-cert.cisa.gov

Adobe

Adobe has released security updates for APSB21-60 Captivate, APSB21-65 XMP Toolkit SDK, APSB21-68 Photoshop, APSB21-69 Bridge and APSB21-70 Media Encoder. There are multiple vulnerabilities for these products that could allow an attacker to take control of those systems.

Sources: us-cert.cisa.gov

AUGUST 17, 2021

WebAccess/NMS Hole

Advantech has released a security update to protect against an improper authentication vulnerability in its WebAccess/NMS. The vulnerability would allow an attacker access to resources monitored and controlled by the WebAccess/NMS.

Sources: isssource.com

BlackBerry

BlackBerry announced that its QNX real time operating system (RTOS) is affected by a BadAlloc vulnerability, CVE-2021-22156. This vulnerability could allow an attacker to cause a denial-of-service condition, put arbitrary code on affected devices or taking control of sensitive systems.

Sources: us-cert.cisa.gov

AUGUST 16, 2021

Mozilla

Mozilla has a security update available for Firefox and Thunderbird to prevent an attacker access to take control of an affected system.

Sources: mozilla.org

Apple

Apple has released a security update for iCloud for Windows 12.5 to prevent someone taking control of an affected system.

Sources: support.apple.com

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES