Author: DEFENDEDGE
-
NSA-CISA Series on Securing 5G Cloud Infrastructures
Original release date: October 28, 2021 The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts by threat actors who have gained initial… Read more
-
2021 CWE Most Important Hardware Weaknesses
Original release date: October 28, 2021 The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead… Read more
-
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti. Read more
-
WordPress Plugin Bug Lets Subscribers Wipe Sites
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media. Read more
-
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. Read more
-
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood. Read more
-
FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
Original release date: October 27, 2021 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late 2020. CISA encourages users and administrators to review the IOCs and technical details in… Read more
-
Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. Read more
-
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner. Read more
-
Why the Next-Generation of Application Security Is Needed
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. Read more