Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of September 12 - 18. Sign up to get these updates right to your inbox!
The Federal Bureau of Investigation (FBI), U.S. Coast Guard Cyber Command (CGCYBER) and CISA made a joint advisory, talking about the CVE-2021-40539 vulnerability in ManageEngine ADSelfService Plus. Critical infrastructure companies are at serious risk without updating it.
Sources: us-cert.cisa.gov
Drupal has released multiple security updates for vulnerabilities that could allow an attacker to take control of affected systems.
Sources: us-cert.cisa.gov
The U.N. human rights chief is trying to postpone the use of AI technology that poses a risk to human rights because of the vulnerabilities still existing.
Sources: techxplore.com
Due to a major software flaw that allows Pegasus spyware to be automatically installed on phones, Apple users are urged to update their phones. Pegasus allows the hacker to read messages, have access to photos, turn on the phone’s camera and track the person’s movements.
Sources: techxplore.com
Microsoft released multiple updates for vulnerabilities in Microsoft software that allows hackers to take control of affected systems.
Sources: msrc.microsoft.com
Adobe released security updates for vulnerabilities that allow attackers to take control of an affected system for multiple Adobe products.
Sources: helpx.adobe.com
Citrix released a security update for ShareFile storage zones controller that addresses a vulnerability that would allow someone to take control of an affected system.
Sources: support.citrix.com
SAP released updates for multiple products that address vulnerabilities an attacker could use to take control of affected systems.
Sources: wiki.scn.sap.com
