Original release date: March 4, 2021
VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: March 3, 2021
CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network.
CISA strongly recommends organizations examine their systems to detect any malicious activity detailed in Alert AA21-062A. Review the following resources for more information:
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: March 3, 2021
Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: March 2, 2021
Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.
CISA encourages users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: March 2, 2021
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Apache Tomcat 9.0. An attacker could exploit this vulnerability to access sensitive information.
CISA encourages users and administrators to review the Apache security advisory for CVE-2021-25122 and upgrade to the appropriate version.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: February 26, 2021
The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred.
CISA encourages administrators and organizations review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: February 25, 2021
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: February 24, 2021
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 78.8, Firefox ESR 78.8, and Firefox 86. An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Mozilla security advisories and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: February 24, 2021
VMware has released security updates to address multiple vulnerabilities–CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: February 24, 2021
The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal, and state, local, tribal, and territorial government organizations as well as private industry organizations in the medical, legal, telecommunications, finance, and energy fields. In some instances, the attacker extorted money from victim organizations to prevent public release of information exfiltrated from a compromised Accellion appliance.
CISA encourages users and administrators to review AA21-055A: Exploitation of Accellion File Transfer Appliance and MAR-10325064-1.v1 – Accellion FTA for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
UK Tel: +44 333 1223 372
USA Tel: +1 833 838 6754
LATAM Tel: +52 (55) 5335 0800
E: info@cystel.org
Clavering House, Clavering Place, Newcastle Upon Tyne, England, UK NE1 3NG
2001 L STREET N.W. SUITE 500, WASHINGTON, DC, 20036
Rio Lerma 232, Piso 23 (Torre Diana), Ciudad de Mexico, CP 06500, Mexico