SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- Exploitation of the CVE-2021-40444 vulnerability in MSHTML
September 16, 2021
Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In attempt to exploit this vulnerability, attackers create a document with a specially-crafted object. If a user opens the document, MS Office will ...
- Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk
September 16, 2021
Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure (OMI) — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the name and the reaction of the researchers who discovered them, the ...
- APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
September 16, 2021
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus—a self-service password management and single ...
- Hacker-made Linux Cobalt Strike beacon used in ongoing attacks
September 14, 2021
An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack framework for red teams (groups of security professionals who act as attackers on their own org’s ...
- Pair of Google Chrome Zero-Day Bugs Actively Exploited
September 14, 2021
Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release (version 93.0.4577.82 for Windows, Mac and Linux), it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are tracked as CVE-2021-30632 and CVE-2021-30633. “Google is aware that exploits ...
- Apple rushes to block ‘zero-click’ iPhone spyware
September 14, 2021
Apple has issued a software patch to block so-called “zero-click” spyware that could infect iPhones and iPads. Independent researchers identified the flaw, which lets hackers access devices through the iMessage service even if users do not click on a link or file. The problem affects all of the technology giant’s operating systems, the researchers said. Read more… Source: BBC ...