Author: DEFENDEDGE
-
100M IoT Devices Exposed By Zero-Day Bug
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. Read more
-
FamousSparrow APT Wings in to Spy on Hotels, Governments
A custom “SparrowDoor” backdoor has allowed the attackers to collect data from targets around the globe. Read more
-
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security. Read more
-
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
All a user needs to do is click on an email attachment, and boom — the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. Read more
-
VMware Warns of Ransomware-Friendly Bug in vCenter Server
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs. Read more
-
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Original release date: September 22, 2021 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations,… Read more
-
AA21-265A: Conti Ransomware
Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK… Read more
-
TikTok, GitHub, Facebook Join Open-Source Bug Bounty
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain. Read more
-
NETGEAR Releases Security Updates for RCE Vulnerability
Original release date: September 21, 2021 NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review NETGEAR’s Security Advisory and update to the latest firmware. Given the increase in telework,… Read more
-
Payment API Bungling Exposes Millions of Users’ Payment Data
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out. Read more