Author: DEFENDEDGE
-
‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. Read more
-
SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. Read more
-
Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix
An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. Read more
-
Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports
Australian immunization app bug lets attackers fake vaccine status. Read more
-
Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files. Read more
-
Netgear Smart Switches Open to Complete Takeover
The Demon’s Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks. Read more
-
Microsoft Releases Mitigations and Workarounds for CVE-2021-40444
Original release date: September 7, 2021 Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrators to review… Read more
-
Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed. Read more
-
Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to “What are we doing right?” instead of the constant reminders of what’s not working in fending off threats. Read more
-
Vulnerability Summary for the Week of August 30, 2021
Original release date: September 6, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info atlassian — confluence In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code… Read more