Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients. If you're not a client, make sure your team knows about these security events from October 2021, as well as future ones.
Subscribe Yourself or Colleague
| Source | Product | Type |
| AMD Ryzen | Chipset Driver | Patches for security vulnerabilities |
| Microsoft | NTLM Relay | Mitigation advice for PetitPotam attacks |
| ManageEngine | ADManager Plus | Security fix for critical vulnerability |
| VMware | n/a | Security update |
| Source | Product | Type |
| FBI | n/a | Indicators of compromise associated with Hive ransomware |
| Chrome | Security updates | |
| Intel | Multiple | Multiple security updates |
| Microsoft | Multiple | Mitigation advice and workarounds for zero-day threat CVE-2021-40444 |
| Source | Product | Type |
| Atlassian | Confluence Server and Data Center | Security updates |
| ManageEngine | ServiceDesk Plus | Update for remote code execution (RCE) and server-side request forgery (SSRF) vulnerabilities |
| Microsoft | Multiple | Security updates (Aug 2021) |
| Microsoft | Multiple | Security updates (Sep 2021) |
| Mozilla | Firefox, Firefox ESR, and Thunderbird | Security updates |
| Pulse Secure | Secure Connect | Security update |
| Cisco | Multiple | Security Updates |
| Mozilla | Firefox, Firefox ESR | Security updates |
| Adobe | Multiple | Security Updates |
| Apple | Multiple | Security Update to Address CVE-2021-30883 |
| Microsoft | Multiple | Security Updates (October 2021) |
| Chrome | v95.0.4638.54 for Windows, Mac, and Linux |
| Source | Product | Type |
| Apple | iOS and iPadOS 14.8 | Security updates |
| Citrix | ShareFile Storage Zones Controller | Security update |
| Drupal | n/a | Multiple security updates |
| FBI-CISA-CGCYBER | ManageEngine ADSelfService Plus | Advisory on advanced persistent threat (APT) exploitation of vulnerability |
| Fortinet | FortiManager SD-WAN Orchestrator | Patch for improper access control vulnerability |
| Microsoft | Azure Linux Open Mgt Infrastructure | Security update |
| SAP | Multiple | Security updates (Sep 2021) |
| WordPress | WordPress | Security update |
| CISA/NSA | Multiple | Guidance on Selecting and Hardening VPNs |
| Apache | HTTP Servers | Security update |
| Apache | Server | Address vulnerabilities under exploitation |
| CISA | Multiple | Security Advisory Honeywell Experion and ACE Controllers |
| CISA | n/a | Advisory remote users |
| Juniper Networks | Multiple | Security Updates |
| NSA | Multiple | Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques |
| U.S. Water and Wastewater Systems Sector Facilities | Ongoing Cyber Threats | |
| Apache | Tomcat (multiple versions) | Security advisory to address vulnerability |
| Cisco | IOS XE SD-WAN Software | Security updates to address vulnerability |
| GPSD | v3.20 (Dec 31, 2019) through v3.22 (Jan 8, 2021) | GPS Daemon (GPSD) bug |
| Oracle | Multiple | Critical patch update (October 2021) to address vulnerabilities |
If you're not confident that your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit.
Or better, get in touch so we can walk you through the critical items for your security checklist.