VMware Releases Security Updates

Original release date: September 21, 2021

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0020 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

Original release date: September 21, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

ACSC Releases Annual Cyber Threat Report

Original release date: September 16, 2021

The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year.

The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities, and the compromise of business email as last year’s most significant threats.

CISA encourages users and administrators to review ACSC’s Annual Cyber Threat Report July 2020 to June 2021 and CISA’s Stop Ransomware webpage for more information.

FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

Original release date: September 16, 2021

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.

CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.

Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

Original release date: September 16, 2021

Microsoft has released an update to address a remote code execution vulnerability in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update.

Drupal Releases Multiple Security Updates

Original release date: September 16, 2021

Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.

Adobe Releases Security Updates for Multiple Products

Original release date: September 14, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.

Citrix Releases Security Update for ShareFile Storage Zones Controller

Original release date: September 14, 2021

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. A remote attacker can exploit this vulnerability to take control of an affected system.

CISA recommends users and administrators review Citrix Security Bulletin CTX328123 and apply the necessary update.

SAP Releases September 2021 Security Updates 

Original release date: September 14, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for September 2021 and apply the necessary updates.

Microsoft Releases September 2021 Security Updates

Original release date: September 14, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review Microsoft’s September 2021 Security Update Summary and Deployment Information and apply the necessary updates.
