CISA is urging admins to patch a critical (Level 10) bug found in Discourse versions 2.7.8 and earlier. Discourse released a security advisory to address a critical RCE vulnerability (CVE-2021-41163). The vuln was fixed by the developer in an urgent update on Friday. Discourse had 405 million users as of Sept. 2021 viewing 3.5 million posts.
Experts Comments
Level 10 bugs are undoubtedly the most serious vulnerabilities. Discourse is a major communications platform. Ensuring security and robustness is paramount. This highlights the need to continue to invest in the next generation of cyber security professionals. We have the tools to find them even in a tight labor market. We need to find them and get them into the fight as soon as possible to ensure we have a strong workforce capable of managing vulnerabilities like this as well as those to come.
Doug Britton, CEO, provides expert commentary at Information Security Buzz.
Discourse continues to make news after researchers discovered a vulnerability that enabled attackers to invoke OS commands at the Administrator level. The open-source platform has released a critical bug fix that CISA strongly urges everyone to install if they are running Discourse software.
It’s critically important for both systems administrators and individual users to keep up with security information from software providers, and to install patches promptly. We can’t rely on Microsoft or other OS vendors to automatically push patches to our systems. Users of Discourse software should test and install this patch as their most important priority.
Saryu Nayyar, CEO, provides expert commentary at Information Security Buzz.