SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- High-Severity Intel Processor Bug Exposes Encryption Keys
November 15, 2021
A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. That’s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be. The high-severity privilege-escalation issue is ...
- Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day
November 12, 2021
There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto Networks’ GlobalProtect VPN. The zero-day — which has a severity rating of 9.8 and was first reported by ZDNet — allows for unauthenticated, remote code execution ...
- Mac Zero Day Targets Apple Devices in Hong Kong
November 12, 2021
Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. This isn’t a finely targeted campaign, but it’s a sophisticated one. The ...
- AMD reveals an EPYC 50 flaws – 23 of them rated High severity.
November 12, 2021
Microsoft may have given us a mere 55 CVEs to worry about on November’s Patch Tuesday, but AMD and Intel have topped that number with fixes for their products. AMD alone dropped 50 new CVEs on Thursday, 23 of them rated of “High” concern, meaning they’re rated at between 7.0 and 8.9 on the Common Vulnerability ...
- Magniber ransomware gang now exploits Internet Explorer flaws in attacks
November 11, 2021
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. The two Internet Explorer vulnerabilities are tracked as CVE-2021-26411 and CVE-2021-40444, with both having a CVSS v3 severity score of 8.8. The first one, CVE-2021-26411, was fixed in March 2021 and is a memory corruption flaw ...
- Massive Zero-Day Hole Found in Palo Alto Security Appliances
November 10, 2021
UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls. Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving 10,000 vulnerable ...