Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 15 - 21. Sign up to get these updates right to your inbox!
CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207 are vulnerabilities that an attacker could use to send arbitrary code on an affected machine. Microsoft’s May list of updates should protect against these vulnerabilities.
Sources: us-cert.cisa.gov
Cisco has released seven security updates to address vulnerabilities that lead to allowing an attacker to take control of affected systems.
Sources: us-cert.cisa.gov
The Internet Systems Consortium (ISC) has released a security advisory that refers to a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND), which would cause a denial-of-service condition.
Sources: kb.isc.org
CISA has released an Industrial Control Systems (ICS) advisory for a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK). Some Internet of Things (IoT) devices are at risk of having their privacy invaded. Through the vulnerability, an attacker could take control of an affected system.
Sources: techxplore.com
CISA has released a document about how to protect against ransomware data breaches so organizations can reduce their risk to attacks and protect their information better.
Sources: us-cert.cisa.gov
Adobe has released security updates for APSB21-60 Captivate, APSB21-65 XMP Toolkit SDK, APSB21-68 Photoshop, APSB21-69 Bridge and APSB21-70 Media Encoder. There are multiple vulnerabilities for these products that could allow an attacker to take control of those systems.
Sources: us-cert.cisa.gov
Advantech has released a security update to protect against an improper authentication vulnerability in its WebAccess/NMS. The vulnerability would allow an attacker access to resources monitored and controlled by the WebAccess/NMS.
Sources: isssource.com
BlackBerry announced that its QNX real time operating system (RTOS) is affected by a BadAlloc vulnerability, CVE-2021-22156. This vulnerability could allow an attacker to cause a denial-of-service condition, put arbitrary code on affected devices or taking control of sensitive systems.
Sources: us-cert.cisa.gov
Mozilla has a security update available for Firefox and Thunderbird to prevent an attacker access to take control of an affected system.
Sources: mozilla.org
Apple has released a security update for iCloud for Windows 12.5 to prevent someone taking control of an affected system.
Sources: support.apple.com
