SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- Gigabyte motherboards come with a hidden firmware backdoor
May 31, 2023
Component supplier Gigabyte has some pressing questions to answer. The first and most pressing is, “Why did you put an updater backdoor into your own motherboard firmware without telling anyone?” The second is, “Why didn’t you lock it down in any meaningful way, hoping that it would stay secure simply by not being known?” Read more… Source: ...
- CISA Adds One Known Exploited Vulnerability to Catalog
May 26, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases ...
- CISA Releases Four Industrial Control Systems Advisories
May 23, 2023
CISA released four Industrial Control Systems (ICS) advisories on May 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-143-01 Hitachi Energy AFS65x, AFS67x, AFR67x and AFF66x Products ICSA-23-143-02 Hitachi Energy RTU500 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Three Known Exploited Vulnerabilities to Catalog
- Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range
May 19, 2023
Apple has issued a bushel of security updates and warned that three of the flaws it’s fixed are under active attack. The three are CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which impact the WebKit browser engine that Apple champions and employs in its Safari browser – and demands be used by other browsers on iOS. Read more… Source: ...
- CISA Releases Five Industrial Control Systems Advisories
May 18, 2023
CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X SYS600 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Three Industrial Control Systems Advisories
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog
May 12, 2023
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25717 Multiple Ruckus Wireless Products CSRF and RCE Vulnerability CVE-2021-3560 Red Hat Polkit Incorrect Authorization Vulnerability CVE-2014-0196 Linux Kernel Race Condition Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency