Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 5 - 11. Sign up to get these updates right to your inbox!
Affected versions of Parlai are vulnerable to YAML deserialization due to unsafe loading that leads to arbitrary code execution.
Sources: nvd.nist.gov
Cisco released security updates for IOS XR Software for ASR 9000 Series Routers, IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol, and IOS XR Software that have denial-of-service, arbitrary file read and write, and user privilege escalation vulnerabilities.
Sources: tools.cisco.com
Citrix released security updates for Hypervisor to prevent an attacker from having the ability to take control of an affected system.
Sources: support.citrix.com
The National Cybersecurity Center of Excellence (NCCoE) released a revised draft report that is about ransomware risk management, which is available for public comment.
Sources: nist.gov
Mozilla released security updates for Firefox, Firefox ESR and Thunderbird addressing vulnerabilities that could allow an attacker to take control of an affected system.
Sources: us-cert.cisa.gov
Microsoft released mitigations and workarounds for the remote code execution threat, CVE-2021-40444, which would allow a remote attacker to take control of an affected system.
Sources: msrc.microsoft.com
Zoho released a security update for the ManageEngine ADSelfService Plus builds 6113 and below that has has the CVE-2021-40539 vulnerability, which would allow an attacker to take control of the system. CISA strongly suggests that ADSelfService Plus is not accessible from the internet.
Sources: manageengine.com
