Wednesday, April 21, 2021
Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021

On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory, that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA...
CERT

VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview: MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR...
CERT

VU#213092: Pulse Connect Secure vulnerable to authentication bypass that could allow for remote code execution

Overview: Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker...
F5 Networks

NTP vulnerability CVE-2018-7184

Security Advisory Description: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote ...
DHS

Hitachi ABB Power Grids Ellipse APM

This advisory contains mitigations for a Cross-site Scripting vulnerability in Hitachi ABB Power Grids Ellipse APM asset performance software.
DHS

Rockwell Automation Stratix Switches

This advisory contains mitigations for Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of Sensitive Information Into Log File, Command Injection, and Improper Input Validation vulnerabilities in Rockwell Automation Stratix Switches.
DHS

Delta Industrial Automation COMMGR

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Delta Industrial Automation COMMGR communication management software.
DHS

Delta Electronics CNCSoft ScreenEditor

This advisory contains mitigations for an Out-of-bounds Read vulnerability in Delta Electronics CNCSoft ScreenEditor software.
DHS

Delta Electronics CNCSoft-B

This advisory contains mitigations for Out-of-bounds Read and Out-of-bounds Write vulnerabilities in Delta Electronics CNCSoft-B software management platform.
DHS

Eaton Intelligent Power Manager

This advisory contains mitigations for SQL Injection, Eval Injection, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, and Code Injection vulnerabilities in Eaton Intelligent Power Management monitoring software.
DHS

Siemens Mendix

This advisory contains mitigations for an Improper Privilege Management vulnerability in Siemens Mendix low-code development software.
DHS

Mitsubishi Electric MELSEC iQ-R Series (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-20-161-02 Mitsubishi Electric MELSEC iQ-R series (Update B) that was published November 5, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a resource exhaustion...
DHS

Siemens and PKE SiNVR/SiVMS Video Server (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-20-070-01 Siemens SiNVR 3 that was published March 10, 2020, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Cleartext Storage in a File or on...
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost

Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...