Author: DEFENDEDGE

Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it. Read more

Original release date: December 23, 2020 CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this… Read more

Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world. Read more

Investigation reveals device sector is problem plagued when it comes to security bugs. Read more

The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE. Read more

The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation. Read more

Original release date: December 21, 2020   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adremsoft — netcrunch AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers’ installations when no other SSL… Read more

What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll. Read more

Original release date: December 18, 2020 | Last revised: December 19, 2020 CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the… Read more

Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year. Read more