November 15, 2025

[Header image: Red Dot Weekly Cyber Security News, https://reddotsecurity.news]

Hello all,

This week had so many critical and high-value vulnerabilities that it didn’t make sense to list them all in the headline news section, so make sure you check the full list of links to see if something you support is impacted. Microsoft patched 63 defects, with 1 zero-day in the mix. Adobe, SAP, and many other Patch Tuesday vendors unleashed a large slew of fixes as well. CISA was quite active in publishing warnings, quite a few firewall vendors had a bad week, and data breaches abounded. There’s so much news this week that I wonder if reporting what doesn’t have a patch might be easier.

This email and video commentary is from the RedDotSecurity.news website that contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your particular environment or of those you support. There is a lot more than what is provided in these opening comments. So, on to the headline news.

Headline NEWS:

  • Cisco and Citrix both had a very bad week. Cisco’s Identity Services Engine (ISE) is under active exploitation of a flaw that enables pre-authentication Remote Code Execution (RCE), and Citrix NetScaler ADC and NetScaler Gateway have a zero-day that is now also under active exploitation. Follow vendor guidance to patch and check for compromise.
  • Fortinet has a critical zero-day defect in FortiWeb, its web application firewall (WAF). This one “allows an attacker with no existing level of access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface”. If you have this in your environment, patch immediately. It has been under active exploitation since at least early October.
  • Google Chrome patched another V8 JavaScript engine defect. Since major vulnerabilities are being plugged several times a week lately, restart and update any Chromium-based browser at least weekly at this point to ensure you stay current.
  • Microsoft released 63 fixes, including 1 zero-day, this past Tuesday. The actively exploited Windows Kernel zero-day, which enables privilege escalation, is now on CISA’s Known Exploited Vulnerabilities (KEV) catalog. So, don’t delay vetting and applying the patches.
  • N-able has revealed two critical defects, one of which carries a maximum-severity rating, in their N-central RMM (Remote Monitoring and Management) system. These flaws can allow a threat actor to achieve remote code execution. While not currently known to be exploited, if you use self-hosted N-central it is critical that you patch immediately to prevent compromise of your and your clients’ systems. It is only a matter of time before enterprising dirtbags weaponize these defects.
  • SAP (Systems, Applications, and Products in Data Processing) unveiled their November patch releases. Contained within was a maximum-severity defect for hard-coded credentials in their SQL Anywhere Monitor. Yeah, that needs fixing fast. There were a total of 18 items addressed, two of which are critical: the aforementioned SQL Anywhere Monitor, and Solution Manager, where the defect can be triggered to enable full takeover of the system. Make sure you check your various SAP systems for needed patches quickly.

In Ransomware, Malware, and Vulnerabilities News:

  • Firewall, router, and remote connection vendors had a bad week, with ASUS, Citrix, Cisco, FortiGate, Ivanti, Palo Alto, and WatchGuard all named in various news reports of vulnerabilities and patch releases. CISA has named a few of these as being under active exploitation; it would be wise to keep up with their Known Exploited Vulnerabilities (KEV) catalog so that you can take appropriate action when they publish notices.

In Other News Events of Note and Interest:

  • CRN’s interview with ConnectWise CEO Manny Rivelo is a great insight into the current status and near-term direction of this massive company that services the Managed Service Provider (MSP) industry. ConnectWise’s main focus is their Asio platform, which closely mirrors many of their acquisitions. However, Rivelo states, “Asio isn’t a collection of bolted-on tools, it’s a brand-new platform built from the ground up. At its core, it includes four main service areas: RMM, PSA, security and data backup. On top of that, we’re wrapping in AI and RPA capabilities along with a centralized data warehouse and shared services.” There’s a lot more in the article. It is worth your time.

Musings:

Why do we not have virtual patch modeling systems that run on every workstation and server? Almost every system now has significantly more compute power and storage than is required for normal day-to-day functions. It should be possible to create a virtualized duplicate environment inside the base system where an AI agent lives that holds a historical baseline of all normal and usual activity performed on that base system, including menus opened and various vendor software interactions. When a patch is requested to be installed, the AI could ensure the virtual baseline is up to date and matches the base system, install the patch in the virtual environment, and then silently open and perform all of the normal and usual activity done on that system to search for defects and incompatibilities. Any problems found could be reported to the user, IT, and vendors. And if there are performance concerns with this process, it could be done after hours when the user is away from the computer, or when servers are less taxed with day-to-day operations. Hey, I can dream, can’t I?

Meanwhile, keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
