Author: DEFENDEDGE

  • Vulnerability Summary for the Week of May 31, 2021

    DEFENDEDGE

    Original release date: June 7, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info gnome — gdk-pixbuf A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker… Read more

  • Unpatched VMware vCenter Software

    DEFENDEDGE

    Original release date: June 4, 2021 CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to… Read more

  • ‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles

    DEFENDEDGE

    Unprotected server exposes AMT Games user data containing user emails and purchase information. Read more

  • Then and Now: Securing Privileged Access Within Healthcare Orgs

    DEFENDEDGE

    Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape. Read more

  • Exchange Servers Targeted by ‘Epsilon Red’ Malware

    DEFENDEDGE

    REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests. Read more

  • Podcast: The State of Ransomware

    DEFENDEDGE

    In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline. Read more

  • CISA Releases Best Practices for Mapping to MITRE ATT&CK®

    DEFENDEDGE

    Original release date: June 2, 2021 As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership with the Homeland Security… Read more

  • Where Bug Bounty Programs Fall Flat

    DEFENDEDGE

    Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren’t enough . Read more

  • Cyber-Insurance Fuels Ransomware Payment Surge

    DEFENDEDGE

    Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks. Read more

  • Vulnerability Summary for the Week of May 24, 2021

    DEFENDEDGE

    Original release date: May 31, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info aioseo — all_in_one_seo The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with “aioseo_tools_settings” privilege (most of the time admin) to execute… Read more