VMware Releases Security Updates - Updated October 20, 2020
October 20, 2020
Cybersecurity
NSA Releases Advisory on Chinese State-sponsored Actors Exploiting Publicly Known Vulnerabilities
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Read the NSA advisory.
Rockwell Automation 1794-AENT Flex I/O Series B (ICSA-20-294-01)
CISA has published an advisory on a classic buffer overflow vulnerability in Rockwell Automation 1794-AENT Flex I/O Series B. Versions 4.003 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution. Rockwell Automation recommends affected users ensure they are employing proper network segmentation and security controls when implementing the affected product. CISA also recommends a series of measures to mitigate this vulnerability.
Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer (ICSA-20-294-02) - Products Used in the Energy Sector
CISA has published an advisory on an improper authentication vulnerability in Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer. XMC20 R4 using COGE5 versions older than co5ne_r1h07_12.esw and XMC20 R6 using COGE5 versions older than co5ne_r2d14_03.esw are affected. Successful exploitation of this vulnerability could allow an attacker to remotely take control of the product. Hitachi ABB Power Grids has corrected the problem in the different product versions and recommends users apply the firmware update at the earliest availability.
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system.
NCSC Releases Alert on Microsoft SharePoint Vulnerability
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises the United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability - CVE-2020-16952 - affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system.
15CFAM – What’s so FUN about Addressing All the Things (Internet-of-Things) and the Supply Chain Too?
In keeping with this week’s NCSAM theme of internet-connected devices (in healthcare), we decided to jump way ahead in our ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series to #14 (Address All Smart Devices) and #13 (Secure the Supply Chain) from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide.
National Cybersecurity Awareness Month Week Three – #BeCyberSmart when Securing Internet-Connected Devices in Healthcare (and Everywhere)
The NCSAM focus for week three is on healthcare, specifically the internet-connected devices that increasingly dominate this vital sector. Given the emphasis on patient care, it goes without saying that the personal implications of internet-connected devices in healthcare are extremely critical. From hospitals and care facilities, to telemedicine, wellness apps, and implanted medical devices, industry and consumers alike need to understand the threats and take the necessary steps to secure these vulnerable and highly targeted devices.
Nationwide Cybersecurity Review – Does your Cybersecurity Program Stack Up?
Benchmark assessments not only provide (anonymous) measurement against peers, but also help set and prioritize goals. Assessment results can be used internally to set benchmarks, prioritize actions, and plan future cybersecurity investments.
Pages
