- CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
- PAN-SA-2021-0002 Informational: PAN-OS: Impact of NAT Slipstream v1.0 and v2.0 Attacks (Severity: NONE)
- CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability (Severity: HIGH)
- CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface (Severity: HIGH)
- CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
- CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs (Severity: MEDIUM)
- CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console (Severity: CRITICAL)
- RedEcho under investigation (amid reassurances). Stopping Operation Exchange Marauder. Containing Ursnif. Cyber proliferation. And another round in the Crypto Wars.
- AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
- Microsoft Exchange Server zero days exploited in the wild
- Accellion FTA attacks claim more victims
- Technical controls to prevent business email compromise attacks
- India investigates the possibility of cybersabotage. Walls are opaque to defenders, too. Recommendations for cyber nonproliferation. SolarWinds updates (with an SEC appearance).
- “RedEcho’s”activity in India’s power grid is described. US report on Khashoggi murder declassified SolarWinds compromise inquiry updates. Ill-intentioned SEO. President’s Cup winner announced.
- ThreatConnect and Sumo Logic: Empower Orchestration with Cloud-SIEM