A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)

Using an Android Device

Do this: Apply the latest Android security updates.
Why: Four Android bugs are being actively exploited in the wild according to Google. Most notably, the worst of which may provide an attacker 'complete control' over the device. The relevant CVEs are :

  • CVE-2021-1905 (Use after free vuln)
  • CVE-2021-1906 (GPU memory address allocation vuln)
  • CVE-2021-28663 (Arm Mali GPU privilege escalation vuln)
  • CVE-2021-28664 Arm Mali GPU privilege escalation & DoS vulns)
Additional Info: https://source.android.com/security/bulletin/2021-05-01

Monitoring Your Network with Nagios Fusion?

Do this: Ensure the latest Nagios patches have been applied (at a minimum patches newer than November of 2020).
Why: Researches have found a way to chain a series (13) of authenticated and non-authenticated vulnerabilities together in order to take complete control of a Nagios Fusion deployment. The relevant CVEs are :

  • CVE-2020-28648
  • CVE-2020-2890[0-11]
Additional Info: https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/

About the Author

Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder

After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.