Latest News
Stay up to date with the latest posts and updates
Alerts
-
Dev Sabotages Popular NPM Package to Protest Russian Invasion
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar…
4 min read
-
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Five percent of the databases are vulnerable to threat actors: It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say.
4 min read
-
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.
4 min read
-
CISA Adds 15 Known Exploited Vulnerability to Catalog
Original release date: March 15, 2022 CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities…
4 min read
-
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
Original release date: March 15, 2022 Summary Multifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of…
4 min read
-
Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most…
4 min read
