Google Releases Security Updates for Chrome

Original release date: September 14, 2021

Google has released Chrome version 93.0.4577.82 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CERT NZ Releases Ransomware Protection Guide for Businesses

Original release date: September 14, 2021

The New Zealand Computer Emergency Response Team (CERT NZ) has released a guide on ransomware protection for businesses. The guide includes a pair of helpful diagrams that outline different ransomware attack pathways and illustrate where relevant security controls can work to protect or stop an attack.  

CISA encourages users, administrators, and business leaders to review the CERT NZ guide, Protecting from ransomware, for more information as well as recommended prevention and mitigation measures.  

For additional resources related to the prevention and mitigation of ransomware, see https://www.stopransomware.gov as well as the CISA-MS-ISAC Joint Ransomware Guide.

Stopransomware.gov is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.


Apple Releases Security Updates, iOS 14.8 and iPadOS 14.8

Original release date: September 13, 2021

Apple has released security updates to address vulnerabilities—CVE-2021-30860, CVE-2021-30858—in iOS and iPadOS. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild.

CISA encourages users and administrators to review the iOS 14.8 and iPadOS 14.8 security update page and apply the necessary updates.


CISA's Annual National Cybersecurity Summit

Original release date: September 13, 2021

CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation:

  • Oct. 6 – Assembly Required: The Pieces of the Vulnerability Management Ecosystem 
  • Oct. 13 – Collaborating for the Collective Defense 
  • Oct. 20 – Team Awesome: The Cyber Workforce 
  • Oct. 27 – The Cyber/Physical Convergence

Register for this free summit and read more about the presentations at CISA.gov/cybersummit2021.


WordPress Releases Security Update

Original release date: September 10, 2021

WordPress 5.4-5.8 are affected by multiple vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected website.

CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.8.1.


Cisco Releases Security Updates for Multiple Products

Original release date: September 9, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


Citrix Releases Security Updates for Hypervisor

Original release date: September 9, 2021

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX325319 and apply the necessary updates.


Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: September 8, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 92, Firefox ESR 78.14, and Thunderbird 78.14.


Zoho Releases Security Update for ADSelfService Plus

Original release date: September 7, 2021 | Last revised: September 8, 2021

Zoho has released a security update addressing a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. Additionally, CISA strongly urges organizations to ensure ADSelfService Plus is not directly accessible from the internet.

CISA encourages users and administrators to review the Zoho advisory for more information and to update to ADSelfService Plus build 6114.


Microsoft Releases Mitigations and Workarounds for CVE-2021-40444

Original release date: September 7, 2021

Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild. 

CISA encourages users and administrators to review Microsoft’s advisory and to implement the mitigations and workarounds.
