Author: DEFENDEDGE
-
CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise
Original release date: January 6, 2021
CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2. Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of…
-
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
-
Feds Issue Recommendations for Maritime Cybersecurity
Report outlines deep cybersecurity challenges for the public/private seagoing sector.
-
Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack
The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.
-
RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
-
Cyberattacks on Healthcare Spike 45% Since November
The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.
-
NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations
Original release date: January 5, 2021
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations. CISA…
-
Google Warns of Critical Android Remote Code Execution Bug
Google’s Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
-
Vulnerability Summary for the Week of December 28, 2020
Original release date: January 4, 2021
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor —…
-
2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud
Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape, and mobile endpoints become the attack vector of choice, according to 2021 forecasts.