Author: DEFENDEDGE
-
Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.
-
Vulnerability Summary for the Week of December 14, 2020
Original release date: December 21, 2020. High Vulnerabilities (columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info). adremsoft — netcrunch: AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers’ installations when no other SSL…
-
Telemed Poll Uncovers Biggest Risks and Best Practices
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll.
-
CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise
Original release date: December 18, 2020 | Last revised: December 19, 2020. CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the…
-
Cloud is King: 9 Software Security Trends to Watch in 2021
Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.
-
Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims
Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.
-
Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.
-
Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download
Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.
-
NSA Releases Cybersecurity Advisory on Detecting Abuse of Authentication Mechanisms
Original release date: December 17, 2020. The National Security Agency (NSA) has released a cybersecurity advisory on detecting abuse of authentication mechanisms. This advisory describes tactics, techniques, and procedures used by malicious cyber actors to access protected data in the cloud and provides guidance on defending against and detecting such activity. CISA encourages users and…
-
5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.