Author: DEFENDEDGE
-
Multi-Gov Task Force Plans to Take Down the Ransomware Economy
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. Read more
-
CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities
Original release date: April 29, 2021 CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. CISA encourages users and administrators… Read more
-
Modern Phishing: A Hidden Threat in Plain Sight
Modern Phishing: A Hidden Threat in Plain Sight While it may come as a surprise to some, phishing is still a lucrative business for cybercriminals. Phishing is defined as the fraudulent practice of sending emails pretending to be from reputable companies in order to reveal personal information. In 2020 alone the FBI’s Internet Crime Report stated that phishing scams in the United… Read more
-
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. Read more
-
Linux Kernel Bug Opens Door to Wider Cyberattacks
The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices. Read more
-
Babuk Ransomware Gang Targets Washington DC Police
The RaaS developers thumbed their noses at police, saying “We find 0 day before you.” Read more
-
Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses
A variant of Mac No. 1 threat Shlayer since January already has been exploiting the vulnerability, which allows payloads to go unchecked through key OS security features. Read more
-
Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software
The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks. Read more
-
CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks
Original release date: April 26, 2021 A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further compromise customer data or systems. To… Read more
-
Vulnerability Summary for the Week of April 19, 2021
Original release date: April 26, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — robohelp Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system… Read more