Author: DEFENDEDGE
-
FTC Reports Scammers Impersonating FTC
Original release date: January 26, 2021 The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require such information and scammers can… Read more
-
Nefilim Ransomware Gang Hits Jackpot with Ghost Account
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed. Read more
-
Nvidia Squashes High-Severity Jetson DoS Flaw
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. Read more
-
North Korea Targets Security Researchers in Elaborate 0-Day Campaign
Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor. Read more
-
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
A security flaw in TikTok could have allowed attackers to query query the platform’s database – potentially opening up for privacy violations. Read more
-
Cisco DNA Center Bug Opens Enterprises to Remote Attack
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks. Read more
-
Vulnerability Summary for the Week of January 18, 2021
Original release date: January 25, 2021 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor —… Read more
-
SonicWall Breach Stems from ‘Probable’ Zero-Days
The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series. Read more
-
Amazon Kindle RCE Attack Starts with an Email
The “KindleDrip” attack would have allowed attackers to siphon money from unsuspecting victims. Read more
-
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic. Read more