Author: DEFENDEDGE
-
Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
The threat actors stole data and used Clop’s leaks site to demand money in an extortion scheme, though no ransomware was deployed. Read more
-
Vulnerability Summary for the Week of February 15, 2021
Original release date: February 22, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accellion — fta Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. 2021-02-16 7.2 CVE-2021-27102 MISC MISC accellion —… Read more
-
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation. Read more
-
Cisco Releases Security Updates for AnyConnect Secure Mobility Client
Original release date: February 18, 2021 Cisco has released security updates to address a vulnerability in Cisco AnyConnect Secure Mobility Client. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Cisco Security Advisory cisco-sa-anyconnect-dll-hijac-JrcTOQMC and apply the necessary updates. This product is provided subject… Read more
-
Stolen Jones Day Law Firm Files Posted on Dark Web
Jones Day, which represented Trump, said the breach is part of the Accellion attack from December. Read more
-
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. Read more
-
Ninja Forms WordPress Plugin Bug Opens Websites to Hacks
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking. Read more
-
Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups. Read more
-
Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies
TikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase. Read more
-
North Korean Malicious Cyber Activity: AppleJeus
Original release date: February 17, 2021 CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.” The U.S. Government refers… Read more