Using Oracle Products?
Do this: Apply any available security updates for products in your environment.
Why: Oracle addressed 342 issues with their latest round of quarterly updates. The most notable is CVE-2019-2729 (9.8/10), which allows unauthenticated remote code execution in WebLogic Server Web Services.
Additional Info: Oracle's security update: https://www.oracle.com/security-alerts/cpujul2021.html
Using an iPhone or iPad?
Do this: Update to iOS/iPadOS 14.7 immediately.
Why: Multiple security vulnerabilities have been patched in this update (40 in total: 37 specifically for iPhones), though Apple users are still waiting on a patch for NSO Group's Pegasus spyware.
Additional Info: Apple's security update: https://support.apple.com/en-us/HT212601
Using Jira?
Do this: Apply the patch, or workarounds offered by Atlassian, as soon as possible.
Why: Multiple versions of Jira Data Center and Jira Service Management Data Center are affected by CVE-2020-36239, a critical bug that could enable unauthenticated remote code execution within the Data Center products. The patch fixes the issue but now requires a shared secret in order to access the Ehcache service. The workaround is to restrict access to the Ehcache remote invocation (RMI) ports (40001 and 40011).
Additional Info: Threatpost offers more details, including a list of affected versions, in their post: https://threatpost.com/atlassian-critical-jira-flaw/168053/
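One way to confirm the workaround is in effect, as an added example (not from Atlassian or the article above): run this from a machine that should not be able to reach the Ehcache RMI ports and pass it the addresses of your own Jira Data Center nodes. The function names and the state labels are assumptions made for this example.

```python
import socket
import sys

# Ehcache RMI ports named in the Jira item above.
EHCACHE_RMI_PORTS = (40001, 40011)

def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from this vantage point.

    open        - handshake completed, the port is still reachable from here
    closed      - connection actively refused (nothing listening, or a reject rule)
    filtered    - no reply before the timeout (typical of a firewall drop rule)
    unreachable - name resolution or routing failed, so nothing was tested
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"

def audit(nodes, ports=EHCACHE_RMI_PORTS, timeout=2.0):
    """Probe every node/port pair and return {(host, port): state}."""
    return {(h, p): probe(h, p, timeout) for h in nodes for p in ports}

def exposed(results):
    """Pairs that still accept connections, i.e. access is not restricted here."""
    return sorted(pair for pair, state in results.items() if state == "open")

if __name__ == "__main__":
    # Usage: python check_ehcache_ports.py <node-address> [<node-address> ...]
    results = audit(sys.argv[1:])
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port} {state}")
    # Non-zero exit when any RMI port is still reachable, for use in a scheduled check.
    sys.exit(1 if exposed(results) else 0)
```

A result of "unreachable" means the check itself did not run against that node, so it should not be read as evidence that the restriction is in place.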
Affected by REvil Ransomware?
Do this: Contact Kaseya and be patient.
Why: On 22-July, Kaseya posted an update on their helpdesk website indicating that they have obtained the universal decryption key and, through Emsisoft, are working with customers to restore the encrypted files.
Additional Info: From Kaseya: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-21st-2021