IT Security Newsletter - 11/10/2021
Microsoft Patch Tuesday, November 2021 Edition
Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today - potentially giving adversaries a head start in figuring out how to exploit them. READ MORE...
ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws
Industrial giants Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products. Siemens has published 13 advisories describing 36 vulnerabilities. Two of the advisories focus on the impact of the newly disclosed NUCLEUS:13 vulnerabilities on the company's products. Schneider Electric released seven advisories on Tuesday. They address a total of 17 vulnerabilities. READ MORE...
Citrix Patches Critical Vulnerability in ADC, Gateway
Citrix this week released patches for a couple of vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, including a critical bug leading to denial of service (DoS). The most severe of the two bugs is CVE-2021-22955, a critical security hole that could lead to a DoS condition on appliances that have been configured as a VPN (Gateway) or AAA virtual server. The security flaw was identified in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), and Gateway. READ MORE...
Medical software firm urges password resets after ransomware attack
Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations. The firm clarified that the impact has not reached clients and is limited to their internal IT systems and shouldn't affect any of their PVS (practice management systems). READ MORE...
Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage
Researchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage. The good news is that Siemens - the current owner of the stack - has released patches for all the vulnerabilities. The bad new is that it may take a while for these patches to be propagated downstream, i.e., for the patched Nucleus NET versions to be included in the various devices that use it. READ MORE...
Researcher Details Vulnerabilities Found in AWS API Gateway
All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway. AWS API Gateway is a popular managed service for developers to write, manage, and secure their application programming interfaces (APIs) in a Web environment. At this week's Black Hat Europe, READ MORE...
Multiple BusyBox Security Bugs Threaten Embedded Linux Devices
Researchers have discovered 14 critical vulnerabilities in a popular program used in embedded Linux applications, all of which allow for denial of service (DoS) and 10 that also enable remote code execution (RCE), they said. One of the flaws also could allow devices to leak info, according to researchers from JFrog Security and Claroty Research, in a report shared with Threatpost on Tuesday. READ MORE...
- ...in 1891, Carl Stalling, the composer and arranger for hundreds of "Looney Tunes" and "Merrie Melodies" cartoons, is born in Lexington, MO.
- ...in 1928, film composer Ennio Morricone ("A Fistful of Dollars", "Cinema Paradiso") is born in Rome, Italy.
- ...in 1969, "Sesame Street" made its debut on the National Education Television network, the precursor to PBS.
- ...in 1983, Microsoft introduces Windows 1.0.