Author: DEFENDEDGE
-
Auth Bypass Bug Exploited, Affecting Millions of Routers
A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks. Read more
-
Vulnerability Summary for the Week of August 2, 2021
Original release date: August 9, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info basic_shopping_cart_project — basic_shopping_cart A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. 2021-07-30 7.5 CVE-2021-34165 MISC ectouch — ectouch SQL Injection Vulnerability in… Read more
-
Golang Cryptomining Worm Offers 15% Speed Boost
The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process. Read more
-
Amazon Kindle Vulnerable to Malicious EBooks
Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data. Read more
-
Ivanti Releases Security Update for Pulse Connect Secure
Original release date: August 6, 2021 Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review Ivanti’s Security Advisory SA44858 and apply the necessary update. This product is provided subject to this Notification and… Read more
-
Critical Cisco Bug in VPN Routers Allows Remote Takeover
Security researchers warned that at least 8,800 vulnerable systems are open to compromise. Read more
-
Pulse Secure Releases Security Update for Pulse Secure Connect
Original release date: August 6, 2021 Pulse Secure has released Pulse Secure Connect system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review Pulse Secure’s Security Advisory SA44858 and apply the necessary update. This product is provided subject to this… Read more
-
Zoom Settlement: An $85M Business Case for Security Investment
Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup. Read more
-
Auditors: Feds’ Cybersecurity Gets the Dunce Cap
Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-. Read more
-
VMware Releases Security Updates for Multiple Products
Original release date: August 5, 2021 VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain access to confidential information. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0016 and apply the necessary updates or workaround. This product is provided subject to this Notification and… Read more