Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 14 - 20. Sign up to get these updates right to your inbox!

NOVEMBER 19, 2021

Zoho

The FBI, CISA and the Coast Guard Cyber Command updated the joint Cybersecurity Advisory released on Sept. 16, 2021, which describes the exploitation of a vulnerability in Zoho ManageEngine ADSelfService Plus. It now includes information on the tools the attackers are using to exploit the authentication bypass vulnerability.

Sources: Palo Alto Networks, Microsoft, SecurityIntelligence, Industrial Cybersecurity Pulse

Pulse Connect Secure

Pulse Connect Secure before 9.1R12.1 contains a vulnerability that could allow an attacker to cause a denial of service.


Sources: NIST

mySCADA myDESIGNER

Versions 8.20.0 and earlier of mySCADA myDESIGNER are vulnerable to path traversal, which could allow an attacker to execute code remotely.

Sources: NIST, CISA

NOVEMBER 18, 2021

Drupal

Drupal released security updates for versions 8.9, 9.1 and 9.2 to address vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Drupal

NOVEMBER 17, 2021

CISA

CISA added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which contains vulnerabilities that are significant threats to the federal enterprise.

Sources: CISA

Microsoft Exchange and Fortinet

CISA, the FBI, the Australian Cybersecurity Centre (ACSC) and the United Kingdom’s National Security Centre (NCSC) released a joint Cybersecurity Advisory explaining ongoing threats from a group associated with the Iranian government.

Sources: CISA

NOVEMBER 16, 2021

Google

Google released Chrome version 96.0.4664.45 for Windows, Mac and Linux to fix vulnerabilities that could allow attackers to gain control of affected systems.

Sources: Google

DRAM memory devices

Researchers found fundamental vulnerabilities in DRAM memory devices that are used in computers, tablets and smartphones. Despite mitigation measures such as target row refresh, the devices remain vulnerable to Rowhammer.

Sources: Tech Xplore

NOVEMBER 15, 2021

Zoom

Cybersecurity researchers at Positive Technologies found three vulnerabilities in multiple parts of Zoom, such as Zoom Virtual Room Connector, Zoom Meeting Connector Controller and Zoom Recording Connector. The vulnerabilities would allow an attacker to execute arbitrary code, crash the software or enter specific commands.


Sources: HackRead
