Home » Security Information

Security Information

This page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have.

SG Security Scan

SG Security Articles

Latest Threats - Symantec

Latest Security Advisories (US-CERT)

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

• Safari 14.1
• macOS Big Sur 11.3.1
• iOS 14.5.1 and iPadOS 14.5.1
• iOS 12.5.3
• watchOS 7.4.1

Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities on April 20 and added detection information on April 30.  

CISA strongly encourages customers using Ivanti Pulse Connect Secure appliances to review the blog post and apply the necessary updates. For additional information, CISA recommends reviewing the following resources and tools below.  

• CISA Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
• Pulse Security Integrity Checker Tool

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecovs Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021, Codecov notified customers of the compromise and on April 29, 2021, Codecov released an update containing new detectionsincluding indicators of compromise (IOCs) and a non-exhaustive data set of likely compromised environment variablesto assist organizations in determining whether they have been affected.

CISA urges all Codecov users to review the Codecov update and:

• Search for the IOCs provided.
• Log in to Codecov to see any additional information specific to their organization and repositories. 

Affected users should immediately implement the guidance in the Recommended Actions for Affected Users and FAQ sections of Codecovs update. CISA recommends giving special attention to Codecovs guidance on changing (re-rolling) potentially affected credentials, tokens, and keys. CISA also recommends revoking and reissuing any potentially affected certificates.

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2021-20254 and apply the necessary updates and workarounds.

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, originally released April 20. This update adds a new Detection section providing information on Impossible Travel and Transport Layer Security (TLS) Fingerprinting that may be useful in identifying malicious activity.

CISA encourages users and administrators to review the following resources for more information:

• AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
• Emergency Directive 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities

CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.

CISA encourages users and administrators to review the ICS Advisory for mitigation recommendations and available updates.
 

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability cisco-sa-memc-dos-fncTyYKG
• Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability isco-sa-ftd-ssl-decrypt-dos-DdyLuK6c
• Cisco Firepower Threat Defense Software Command Injection Vulnerability cisco-sa-ftd-cmdinj-vWY5wqZT
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities cisco-sa-asa-ftd-vpn-dos-fpBcpEcD
• Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability cisco-sa-asa-ftd-sipdos-GGwmMerC

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review ISC advisory CVE-2021-25216 and to apply the necessary updates or workarounds.