Highlights and Updates

Critical Cloud Bug in VMware Carbon Black Allows Takeover

Monday, 12th April 2021

A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale. The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defence for virtual servers and workloads that are hosted on VMware’s vSphere platform. vSphere is VMware’s cloud-computing virtualization platform.

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

Tuesday, 6th April 2021

CVE-2020-9922 can be triggered just by sending a target an email with two .ZIP files attached.

A zero-click security vulnerability in Apple’s macOS Mail would allow a cyber attacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types.

CVE-2020-9922 is rated 6.5 on the CVSS vulnerability-severity scale, making it medium-severity, but the researcher stressed that successful exploitation could “lead to many bad things.”

Citrix Releases Security Updates for Hypervisor

Thursday, 1st April 2021

Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

We encourage users and administrators to review Citrix Security Update CTX306565 and apply the necessary updates.
