Cyber Risk Services

Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution (RCE) zero-day vulnerability that’s being actively exploited.

Risk-based cybersecurity programs put an emphasis on quantifying risk based on targeted intersections of IT, Security, & Business data to address specific cybersecurity problems. The quantified risk measurements are then used as a primary driver for cybersecurity decision making.

Security researchers have disclosed a serious and wide-ranging API vulnerability stemming from the incorrect implementation of Elastic Stack, which could create serious business risk for customers.

An unpatched stored cross-site scripting (XSS) bug in Apple’s AirTag “Lost Mode” could open up users to a cornucopia of web-based attacks, including credential-harvesting, click-jacking, malware delivery, token theft and more.

Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware.

Google has addressed two zero-day security bugs that are being actively exploited in the wild. The two zero days are tracked as CVE-2021-30632 and CVE-2021-30633.

Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote control execution (RCE) vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents.

Cisco Systems released six security patches tied to its high-end 9000 series networking gear ranging in importance from critical, high and medium severity.

In the last half of 2020, 449 vulnerabilities were disclosed. During the first half of 2021, more than 600 ICS vulnerabilities were disclosed, impacting 76 vendors.