Author: DEFENDEDGE

Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. Read more

Original release date: September 27, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ffmpeg — ffmpeg Buffer Overflow vulnerability in function… Read more

Original release date: September 24, 2021 On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server. On September 24, 2021, VMware confirmed reports that… Read more

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Read more

Unauthenticated cyberattackers can also wreak havoc on networking device configurations. Read more

One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges. Read more

Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively. Read more

A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. Read more

A custom “SparrowDoor” backdoor has allowed the attackers to collect data from targets around the globe. Read more