Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of July 18 - 24. Sign up to get these updates right to your inbox!
Drupal Core released an update to fix the security risk of extracting tar archives, which are critical third-party libraries. The update does not allow symlinks, which should mitigate future potential risks.
Sources: drupal.org
Cisco released security updates to mitigate unauthenticated, adjacent attacker access to sensitive internal services. Without this update, an attacker could make configuration changes on the affected system.
Sources: tools.cisco.com
The Cybersecurity and Infrastructure Security Agency (CISA) has an ongoing response to Pulse Secure compromises and has analyzed 13 malware samples.
Sources: us-cert.cisa.gov
Oracle launched a critical patch update to address more than 300 vulnerabilities, which could have allowed a remote attacker to take control of an affected system.
Sources: oracle.com
Adobe released security updates for multiple Adobe products such as Photoshop, Audition, Media Encoder and more to address threats of an attacker taking control of an affected system.
Sources: helpx.adobe.com
Microsoft Windows 10/11 has been found to allow local users access to admin passwords, which could give them total system access due to Windows security account manager (SAM) being too permissive. With these stolen privileges, someone could install programs, create new accounts and have access to private data.
Sources: msrc.microsoft.com
Citrix released security updates to address multiple vulnerabilities in Application Delivery Controller (ADC), Gateway and SD-WAN WANOP Edition. Results of a successful attack include limited space consumption on the appliance, theft of a valid user session and a session fixation by an authorized user.
Sources: support.citrix.com
