Security News

November 2021 Patch Tuesday forecast: More mandates in the United States
2021-11-08 07:30

The global holiday season is upon us with Diwali happening now, Thanksgiving the end of the month, and then on to Christmas and New Year's! But before we all start celebrating, we have November 2021 Patch Tuesday coming this week, which is an important one for many industries, particularly retail. November 2021 Patch Tuesday forecast: Microsoft addressed 79 unique CVEs last month and I expect that number to remain high.

U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws
2021-11-05 04:44

The U.S. Cybersecurity and Infrastructure Security Agency has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. "These vulnerabilities pose significant risk to agencies and the federal enterprise," the agency said in a binding operational directive issued Wednesday.

CISA urges vendors to patch BrakTooth bugs after exploits release
2021-11-04 19:15

Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. CISA warned vendors Thursday to patch these vulnerabilities after the security researchers released the proof of concept tool to test Bluetooth devices against BrakTooth exploits.

US government orders federal agencies to patch 100s of vulnerabilities
2021-11-04 16:56

In the latest effort to combat cybercrime and ransomware, federal agencies have been told to patch hundreds of known security vulnerabilities with due dates ranging from November 2021 to May 2022. In a directive issued on Wednesday, the Cybersecurity and Infrastructure Security Agency ordered all federal and executive branch departments and agencies to patch a series of known exploited vulnerabilities as cataloged in a public website managed by CISA.

Android November patch fixes actively exploited kernel bug
2021-11-02 11:01

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components. Not many technical details have been released around this flaw yet, as original equipment manufacturers are currently working on merging the patch with their custom builds, so most Android users are vulnerable.

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs
2021-10-28 21:08

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. The internet giant's Threat Analysis Group has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.

These couldn't wait for Patch Tuesday: Adobe issues bonus fixes for 92 security holes in 14 products
2021-10-26 19:57

A mere two weeks after its most recent set of security patches, Adobe has issued another 14 security bulletins covering 92 CVE-listed bugs. Adobe's repairs apparently represent planned maintenance rather than an out-of-band release, even though October's Patch Tuesday - the second Tuesday of the month - has come and gone.

CISA Urges Sites to Patch Critical RCE in Discourse
2021-10-25 15:28

Discourse - the ultra-popular, widely deployed open-source community forum and mailing list management platform - has a critical remote code-execution bug that was fixed in an urgent update on Friday. Discourse is widely used and wildly popular, being known for topping competing forum software platforms in terms of usability.

CISA urges admins to patch critical Discourse code execution bug
2021-10-25 09:20

A critical Discourse remote code execution vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday. Discourse is an open-source forum, long-form chat, and mailing list management platform widely deployed on the web, offering excellent usability and integration potential while focusing heavily on social features.