SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
January 2, 2021
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets ...
- Adobe Flash Player is officially dead tomorrow
December 31, 2020
Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. Over the years, multiple zero-day and critical vulnerabilities found to impact Flash Player were used by both cybercriminals and nation-state hacking groups to install ...
- Digital Footprint Intelligence Report
December 29, 2020
The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Sudan, Syria, Turkey, UAE, Yemen. The data presented in this report was collected through Kaspersky’s own threat ...
- The History of DNS Vulnerabilities and the Cloud
December 28, 2020
Every now and then, a new domain name system (DNS) vulnerability that puts billions of devices around the world at risk is discovered. DNS vulnerabilities are usually critical. Just imagine that you browse to your bank account website, but instead of returning the IP address of your bank website, your DNS resolver gives you the ...
- Zero-click iOS zero-day found deployed against Al Jazeera employees
December 20, 2020
At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app, an academic research group said today. Citizen Lab, a cybersecurity and human rights abuse research group at the University of Toronto, said the ...
- HPE discloses critical zero-day in server management software
December 16, 2020
Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. Zero-days are publicly disclosed ...