Author: DEFENDEDGE
-
Vulnerability Summary for the Week of July 12, 2021
Original release date: July 19, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info echobh — sharecare Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL)… Read more
-
U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity
Original release date: July 19, 2021 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response: The White House has released a statement attributing recent Microsoft Exchange server exploitation activity to… Read more
-
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National Security Agency, Cybersecurity… Read more
-
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and… Read more
-
Top CVEs Trending with Cybercriminals
An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in. Read more
-
The Evolving Role of the CISO
Curtis Simpson, CISO at Armis, discusses the stop qualities that all CISOs need to possess to excel. Read more
-
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited. Read more
-
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world. Read more
-
Microsoft: New Unpatched Bug in Windows Print Spooler
Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover. Read more
-
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
The popular e-commerce platform for WordPress has started deploying emergency patches. Read more