Author: DEFENDEDGE

  • Vulnerability Summary for the Week of August 16, 2021

    DEFENDEDGE

    Original release date: August 23, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info cisco — application_extension_platform A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an… Read more

  • Windows 10 Admin Rights Gobbled by Razer Devices

    DEFENDEDGE

    So much for Windows 10’s security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. Read more

  • Attackers Actively Exploiting Realtek SDK Flaws

    DEFENDEDGE

    Multiple vulnerabilities in software used by 65 vendors under active attack. Read more

  • Hurricane-Related Scams

    DEFENDEDGE

    Original release date: August 21, 2021 CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary… Read more

  • Hurricane-Related Scams

    DEFENDEDGE

    Original release date: August 21, 2021 The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments,… Read more

  • Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities

    DEFENDEDGE

    Original release date: August 21, 2021 Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all… Read more

  • Web Censorship Systems Can Facilitate Massive DDoS Attacks

    DEFENDEDGE

    Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks. Read more

  • A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack

    DEFENDEDGE

    The Texas-based company, SolarWinds, that became the epicenter of a massive supply chain attack late last year has issued patches to contain a remote code execution flaw. These changes were brought on by the Microsoft notification to the IT management and remote monitoring software maker that the flaw was being exploited in the wild. SolarWinds… Read more

  • How Ready Are You for a Ransomware Attack?

    DEFENDEDGE

    Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. Read more

  • Critical Cisco Bug in Small Business Routers to Remain Unpatched

    DEFENDEDGE

    The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life. Read more