SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- API Vulnerabilities Discovered in LEGO Marketplace
December 19, 2022
Application programming interface (API) security vulnerabilities have been discovered in a LEGO resale platform owned by LEGO® Group, which could have put sensitive customer information at risk. An investigation by Salt Security’s research team, Salt Labs, found two API security flaws within BrickLink, an online marketplace to buy and sell LEGO parts, Minifigures and sets, which ...
- Hackers exploit critical Citrix ADC and Gateway zero day, patch now
December 13, 2022
Citrix strongly urges admins to apply security updates for an ‘Critical’ zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. This new vulnerability allows an unauthenticated attacker to execute commands remotely on vulnerable devices and take control over them. Citrix is warning admins to install ...
- New Fortinet bug under active exploitation
December 13, 2022
Fortinet has warned customers to patch immediately against a new vulnerability it said is under active exploitation. The critical-rated vulnerability exists in a VPN product, FortiOS SSL-VPN. In its advisory, the company said the bug is a heap-based buffer overflow. Read more… Source: IT News
- Air-gapped PCs vulnerable to data theft via power supply radiation
December 10, 2022
A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems, which are isolated from the internet, over a distance of at least two meters (6.5 ft), where it’s captured by a receiver. The information emanating from the isolated device could be picked up by a nearby smartphone or laptop, even if ...
- Antivirus and EDR solutions tricked into acting as data wipers
December 9, 2022
A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers. Wipers are a special type of destructive malware that purposely erases or corrupts data on compromised systems and ...
- CISA Releases Three Industrial Control Advisories
December 8, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds One ...