Author: DEFENDEDGE
-
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
The by-now infamous company has issued patches for three security vulnerabilities in total. Read more
-
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins
The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters. Read more
-
Apple Releases Security Updates
Original release date: February 2, 2021 Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the… Read more
-
Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156
Original release date: February 2, 2021 Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user.… Read more
-
Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products
Original release date: February 2, 2021 CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on… Read more
-
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. Read more
-
Vulnerability Summary for the Week of January 25, 2021
Original release date: February 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info async-git_project — async-git The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. 2021-01-26 7.5 CVE-2021-3190 MISC MISC MISC CONFIRM caret — caret A… Read more
-
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications. Read more
-
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices. Read more
-
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites. Read more