SUBSCRIBE

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 14 - 20. Sign up to get these updates right to your inbox!

November 19, 2021

Zoho

The FBI, CISA and the Coast Guard Cyber Command updated the joint Cybersecurity Advisory released on Sept. 16, 2021, which explains the utilization of a vulnerability in Zoho ManageEngine ADSelfService Plus. It now includes information…

Sources:

Palo Alto Networks,

Microsoft,

SecurityIntelligence,

Industrial Cybersecurity Pulse

Pulse Connect Secure

Pulse Connect Secure before 9.1R12.1 contains a vulnerability that could allow an attacker to cause a denial-of-service.

Sources:

NIST

mySCADA myDESIGNER

Versions 8.20.0 and before of mySCADA myDESIGNER are vulnerable to a path traversal payload, which could result in an attacker executing remote code.

Sources:

NIST,

CISA
November 18, 2021

Drupal

Drupal released security updates for versions 8.9, 9.1 and 9.2 due to vulnerabilities that could lead to an attacker gaining control of affected systems.

Sources:

Drupal
November 17, 2021

CISA

CISA added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which contains vulnerabilities that are significant threats to the federal enterprise.

Sources:

CISA

Microsoft Exchange and Fortinet

CISA, the FBI, the Australian Cybersecurity Centre (ACSC) and the United Kingdom’s National Security Centre (NCSC) released a joint Cybersecurity Advisory explaining ongoing threats from a group associated with the Iranian government.

Sources:

CISA
November 16, 2021

Google

Google released Chrome version 96.0.4664.45 for Windows, Mac and Linux to deter attackers from gaining control of affected systems due to the vulnerabilities they possess.

Sources:

Google

DRAM memory devices

Researchers found fundamental vulnerabilities in DRAM memory devices that are used in computers, tablets and smartphones. Despite mitigation measures being taken, such as the target row refresh, there is still a Rowhammer vulnerability.

Sources:

Tech Xplore
November 15, 2021

Zoom

Cybersecurity researchers at Positive Technologies found three vulnerabilities in multiple parts of Zoom, such as Zoom Virtual Room Connector, Zoom Meeting Connector Controller and Zoom Recording Connector. The vulnerabilities would allow an attacker to execute…

Sources:

HackRead