Original release date: August 19, 2021

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the necessary updates or workarounds.

Original release date: August 18, 2021

CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.

The fact sheet provides information for organizations to use in preventing and responding to ransomware-caused data breaches. CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations listed in this fact sheet to reduce their risk to ransomware and protect sensitive and personal information. Review StopRansomware.gov for additional ransomware resources.

Original release date: August 18, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

• APSB21-60 Captivate
• APSB21-65 XMP Toolkit SDK
• APSB21-68 Photoshop
• APSB21-69 Bridge
• APSB21-70 Media Encoder

Original release date: August 17, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK). A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the ICS Advisory: ICSA-21-229-01 ThroughTek Kalay P2P SDK and the FireEye Mandiant blog: Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices for more information and to apply the necessary update and mitigations.

Original release date: August 17, 2021

Apple has released a security update to address vulnerabilities in iCloud for Windows 12.5. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security update and apply the necessary updates.