Author: DEFENDEDGE
-
Cisco Releases Security Updates for IOS XE SD-WAN Software
Original release date: October 21, 2021. Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco…
-
Why is Cybersecurity Failing Against Ransomware?
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
-
VPN Exposes Data for 1M Users, Leading to Researcher Questioning
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.
-
Geriatric Microsoft Bug Exploited by APT Using Commodity RATs
Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.
-
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.
-
Oracle Releases October 2021 Critical Patch Update
Original release date: October 19, 2021. Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle October 2021 Critical Patch Update and apply the…
-
Time to Build Accountability Back into Cybersecurity
Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses.
-
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
-
Twitter Suspends Accounts Used to Snare Security Researchers
The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.
-
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware
Original release date: October 18, 2021. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed…