SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- Two years on, Apple iOS VPNs still leak IP addresses
August 19, 2022
Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the ...
- Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
August 18, 2022
Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device. “Processing maliciously crafted web content may lead to ...
- Janet Jackson music video declared a cybersecurity vulnerability
August 18, 2022
The music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers. “A colleague of mine shared a story from Windows XP product support,” wrote Microsoft blogger Raymond Chen. The story detailed how “a major computer manufacturer discovered that playing the music ...
- Apple security updates fix 2 zero-days used to hack iPhones, Macs
August 17, 2022
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively ...
- Google, Apple squash exploitable browser bugs
August 17, 2022
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild. That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn’t release many details about it until the bulk of Chrome users are updated and the code ...
- Three vulnerabilities in HDF5 file format could lead to remote code execution
August 16, 2022
Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5 gif2h5 tool that’s normally used to convert a GIF file to the HDF5 format, commonly used to store large amounts of ...