MSRC Security Researcher Recognition: 2021
Source: https://msrc-blog.microsoft.com/blog/2021/02/msrc-security-researcher-recognition-2021/ Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the … Read more
Microsoft Patch Tuesday, February 2021 Edition
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of … Read more
Microsoft Warns of Windows Win32k Privilege Escalation
Source: https://us-cert.cisa.gov/ncas/current-activity/2021/02/09/microsoft-warns-windows-win32k-privilege-escalation Original release date: February 9, 2021 Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability … Read more
Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
Source: https://msrc-blog.microsoft.com/blog/2021/02/multiple-security-updates-affecting-tcp-ip/ Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability … Read more
Continuing to Listen: Good News about the Security Update Guide API!
Source: https://msrc-blog.microsoft.com/blog/2021/02/continuing-to-listen-good-news-about-the-security-update-guide-api/ Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer … Read more
RSA Announces the Release of RSA MFA Agent 1.2 for macOS
Summary: RSA MFA Agent 1.2 for macOS extends the powerful modern authentication of RSA SecurID Access to macOS computers. Whether online or offline, users now have a convenient way to authenticate to … Read more
Google Releases Security Updates for Chrome
Source: https://us-cert.cisa.gov/ncas/current-activity/2021/02/05/google-releases-security-updates-chrome Original release date: February 5, 2021 Google has released Chrome Version 88.0.4324.150 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control … Read more
SonicWall Issues Patch For Zero-Day Vulnerability
This comes about a week after the vulnerabilities were disclosed on several versions of the company's Secure Mobile Access (SMA) series of gateway …
SonicWall issues patch for firmware zero-day used to attack the company and its customers
SonicWall said the vulnerability allowed hackers to gain administrator-level … SonicWall did not release details about who was exploiting the bug.
Cisco Releases Security Updates
Source: https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates Original release date: February 4, 2021 Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an … Read more
Google Releases Security Updates for Chrome
Source: https://us-cert.cisa.gov/ncas/current-activity/2021/02/03/google-releases-security-updates-chrome Original release date: February 3, 2021 Google has released Chrome version 88.0.4324.146 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that that an attacker could exploit to take … Read more
RSA Announces the January 2021 Release of RSA SecurID Access
Summary: This release includes the following features and improvements: The identity router OVA image for VMware virtual appliances has a new signing certificate. The old certificate expires on January 31, 2021. If … Read more
Sonicwall Zero Day Attack: SMA 100 Series Patch Expected Feb 3
SonicWall breach, Zero Day attack & SMA 100 vulnerability details: … SonicWall has confirmed a zero-day vulnerability on SMA 100 series 10.x code. … SonicWall has been working on a patch that … Read more
RSA Announces RSA Authentication Manager 8.5 Patch 2 and Updated Web-Tier Server
Summary: RSA announces RSA Authentication Manager 8.5 Patch 2. This patch (available here) contains important product updates. See the Readme for information about the contents of the patch. An updated web-tier server … Read more
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
Source: https://msrc-blog.microsoft.com/blog/2021/01/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/ Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release … Read more