CVE-2021-22986: F5 Patches Several Critical Vulnerabilities in BIG-IP, BIG-IQ
March 11, 2021
F5 releases patches for multiple vulnerabilities in BIG-IP and BIG-IQ, including a critical remote command execution flaw that does not require authentication and is likely to attract exploits in the ...
Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411)
March 9, 2021
In its March release, Microsoft addressed 82 CVEs, including a zero-day vulnerability in Internet Explorer that has been exploited in the wild and linked to a nation-state campaign targeting security ...
Finding Proxylogon and Related Microsoft Exchange Vulnerabilities: How Tenable Can Help
March 8, 2021
We urge organizations to patch Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in Microsoft Exchange Server and investigate for potential compr...
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
March 2, 2021
Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild. Update March 8, 2021: The Identifying Affected Systems section has been updated with informati...
CVE-2021-21972: VMware vCenter Server Remote Code Execution Vulnerability
February 24, 2021
Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately. Update May ...
Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)
February 19, 2021
Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December. Update February 22, 2021: The scor...
NUMBER:JACK: Nine Vulnerabilities Across Multiple Open Source TCP/IP Stacks
February 11, 2021
Nine new vulnerabilities have been identified across several TCP/IP stacks embedded in millions of OT, IoT and IT devices, spurring continued scrutiny of these already vulnerable asset types. Upd...
Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)
February 9, 2021
Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability disclos...
CVE-2020-1472: Microsoft Finalizes Patch for Zerologon to Enable Enforcement Mode by Default
February 9, 2021
Zerologon has quickly become valuable to nation-state threat actors and ransomware gangs, making it imperative for organizations to apply these patches immediately if they have not yet done so. Backg...
CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild
February 5, 2021
Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021. Background: On February 4, Google published a stable channel up...
CVE-2021-20016: Zero-Day Vulnerability in SonicWall Secure Mobile Access (SMA) Exploited in the Wild
February 4, 2021
SonicWall releases a patch after researchers confirm exploitation of a zero-day vulnerability in SonicWall Secure Mobile Access. Background: On January 22, SonicWall published a product notification r...
CVE-2020-6207: Proof of Concept Available for Missing Authentication Vulnerability in SAP Solution Manager
January 22, 2021
A researcher has published a proof-of-concept exploit script for a critical SAP vulnerability patched in March 2020 and attackers have begun probing for vulnerable SAP systems. Background: On January...