A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)

Using the OpENer Stack?

Do this: Update to the latest version—newer than Feb 10, 2021.
Why: Researchers reported new vulnerabilities in the open source protocol stack—the most severe of which—may allow for remote code execution. CVEs:

  • CVE-2020-13556 (9.8/10)
  • CVE-2021-27478 (8.2/10)
  • CVE-2021-27482 (7.5/10)
  • CVE-2021-27500 (7.5/10)
  • CVE-2021-27498 (7.5/10)
Additional Info: https://claroty.com/2021/04/15/blog-research-fuzzing-and-pring/

Improving User Experience and Website Performance with Progressive JPEGs
Image Credit: Claroty.com

Using [on-prem] Microsoft Exchange?

Do this: Apply the April 2021 Security Updates from Microsoft.
Why: 19 of the 114 flaws patched by the update have been rated as critical and actively being exploited. Additionally, the NSA has contributed to the security holes reported to Microsoft by adding an additional four RCE vulnerabilities to the list that affect Microsoft Exchange. CVEs:

  • CVE-2021-28480
  • CVE-2021-28481
  • CVE-2021-28482
  • CVE-2021-28483
Additional Info: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617

Improving User Experience and Website Performance with Progressive JPEGs
Image Credit: Microsoft

Using Google Chrome (any platform)?

Do this: Update to the latest version.
Why: Google has patched a few important security vulnerabilities, two of which are known to be actively exploited at this time. "Google is aware of reports that exploits for CVE-2021-21206 and CVE-2021-21220 exist in the wild," Prudhvikumar Bommana, Chrome Technical Program Manager.
Additional Info: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html

Improving User Experience and Website Performance with Progressive JPEGs
Image Credit: Twitter

About the Author

Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder

After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.