Contact

DataEndure | Managed Cybersecurity. It's about time.

Under Attack?
Home > Security Advisories > Security Advisory Roll Up: Week Ending November 5, 2021

Security Advisory Roll Up: Week Ending November 5, 2021

Please see Security Advisories for the week ending November 5, 2021

_______________________________

Cisco Releases Security Updates for Multiple Products

Situation

Cisco has released security updates for multiple products including Cisco Policy Suite, Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT), Cisco Small Business Series Switches, and Cisco AsyncOS software for Cisco Email Security Appliance (ESA).

Problem

Vulnerabilities found include ssh key vulnerability, authentication, replay attacks, and more.

Implication 

An attacker who can exploit these to take over the affected system.

Need

Apply the latest updates for these Cisco products.

For more information:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

________________________________

BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

Situation

Researchers have released a BrakTooth PoC tool to test for Bluetooth exploits.

Problem

The tool tests for a wide variety of Bluetooth vulnerabilities.

Implication 

An attacker who can exploit Bluetooth vulnerabilities to cause denial of service or remote code execution.

Need

Apply latest updates to Bluetooth if available or disable Bluetooth components if not in use.

Paper: https://asset-group.github.io/disclosures/braktooth/

PoC: https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks

________________________________

Mozilla Releases Security Updates for Firefox and Firefox ESR

Situation

Mozilla has released security updates for Firefox, Firefox ESR, and Thunderbird.

Problem

Vulnerabilities found include sandbox not applying to XSLT stylesheets, use after free, Windows clipboard recording sensitive data, policy bypass, spoofing, and more.

Implication 

An attacker who can exploit these to take over the affected system.

Need

Apply the latest updates for these Mozilla products.

For more information: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/

___________________

NEW BLOG:Seeing the Bigger Picture: Achieving Digital Resilience
+ +