Author: DEFENDEDGE
-
Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support. Read more
-
Apple Releases Security Updates for Multiple Products
Original release date: December 15, 2020 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iOS 14.3 and… Read more
-
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. Read more
-
Vulnerability Summary for the Week of December 7, 2020
Original release date: December 14, 2020 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acdsee — photo_studio_2021 PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. 2020-12-07 7.5 CVE-2020-29595 MISC anydesk — anydesk AnyDesk for macOS versions… Read more
-
Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts
The insider threat will go to jail for two years after compromising Cisco’s cloud infrastructure. Read more
-
DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report
The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort. Read more
-
Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials. Read more
-
New Windows Trojan Steals Browser Credentials, Outlook Files
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims. Read more
-
Active Exploitation of SolarWinds Software
Original release date: December 13, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of a vulnerability in SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, which was released between March 2020 through June 2020. CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for… Read more
-
Security Issues in PoS Terminals Open Consumers to Fraud
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords. Read more