Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 25 - 31. Sign up to get these updates right to your inbox!

JULY 30, 2021

Trend Micro Apex One

Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 are vulnerable to an attacker escalating privileges on affected installations.

Sources: nvd.nist.gov

JULY 29, 2021

Wireless Devices

The NSA released an information sheet about cybersecurity addressing wireless devices in public settings. It explains how to identify possible public connection vulnerabilities and how to protect devices and data better.

Sources: nsa.gov

IBM

Due to an unsafe deserialization flaw, the IBM Partner Engagement Manager 2.0 is vulnerable to an attacker sending arbitrary code on the system.

Sources: cve.mitre.org

Dell EMC NetWorker

Versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability, which means that an attacker could read sensitive information in log files.

Sources: nvd.nist.gov

Visual Studio Code

The PHP Mess Detector before 1.3.0 for Visual Studio Code is vulnerable to attackers putting arbitrary code into a workspace folder.

Sources: nvd.nist.gov

PowerVM Logical Partition Mobility (LPM)

The encryption key exchange for PowerVM Hypervisor FW920, FW930, FW940 and FW950 could be hacked, and an attacker could decrypt the stolen migration traffic.

Sources: nvd.nist.gov

JULY 27, 2021

Geutebrück G-Cam E2 and G-Code

There is an Industrial Control Systems (ICS) advisory from CISA for the Geutebruck G-CAM E2 devices and Encoder G-Code versions. The vulnerabilities include missing authentication for critical function, command injection and stack-based buffer overflow, which would allow an attacker to take control of an affected system remotely.

Sources: us-cert.cisa.gov

Apple

For products such as the MacOS Big SUR, IOS 14.7.1 and iPad 14.7.1, there have been updates made available to deter any exploitation of memory corruption and allowing execution of arbitrary code with kernel privileges.

Sources: support.apple.com

Microsoft

In response to a PetitPotam threat, Microsoft has released a statement on how to prevent NTLM relay attacks. Using certificate authority web enrollment and certificate enrollment web service would leave a user vulnerable without the necessary settings.

Sources: support.microsoft.com

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES