Author: DEFENDEDGE
-
AA21-291A: BlackMatter Ransomware
Original release date: October 18, 2021 Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use strong, unique passwords. • Use multi-factor authentication. • Implement network segmentation and traversal monitoring. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®)… Read more
-
Vulnerability Summary for the Week of October 11, 2021
Original release date: October 18, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ardour — ardour Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. 2021-10-08 7.5 CVE-2020-22617 MISC MISC digi — realport An issue was discovered in Digi RealPort for… Read more
-
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever. Read more
-
Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees. Read more
-
Cybersecurity Protects What’s Most Important (and it’s not Your Money)
Today, nearly every business operates in some form on the internet. With that understanding, every business is at risk of being targeted and victimized by sophisticated cyber-attacks. Common victims include vital information, secured systems/networks, and the integrity of said companies. However, there’s another affected party that may not be addressed enough; our children. Securing your business infrastructure from cybercriminals protects our… Read more
-
Rickroll Grad Prank Exposes Exterity IPTV Bug
IPTV and IP video security is increasingly under scrutiny, even by high school kids. Read more
-
Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities
Original release date: October 14, 2021 CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of… Read more
-
AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
Original release date: October 14, 2021 Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common… Read more
-
Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers
A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Read more
-
FreakOut Botnet Turns DVRs Into Monero Cryptominers
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems. Read more