Author: DEFENDEDGE
-
Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860
Original release date: September 13, 2021. Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the…
-
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.
-
Apple Releases Security Updates, iOS 14.8 and iPadOS 14.8
Original release date: September 13, 2021. Apple has released security updates to address vulnerabilities—CVE-2021-30860, CVE-2021-30858—in iOS and iPadOS. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the…
-
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
The security vulnerability can be exploited with a malicious CSV file.
-
Vulnerability Summary for the Week of September 6, 2021
Original release date: September 13, 2021. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): adaptivescale — lxdui | A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. | 2021-09-03 | 10 | CVE-2021-40494 MISC. arubanetworks — arubaos | A remote…
-
CISA’s Annual National Cybersecurity Summit
Original release date: September 13, 2021. CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation: Oct. 6 – Assembly Required: The Pieces of the Vulnerability Management…
-
Yandex Pummeled by Potent Meris DDoS Botnet
Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex.
-
Russian Ransomware Group REvil Back Online After Two-Month Hiatus
The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added…
-
Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.
-
Thousands of Fortinet VPN Account Credentials Leaked
They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.