Author: DEFENDEDGE

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in. Read more

One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ’embarrassingly bad.’ Read more

Original release date: February 23, 2022 The United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory (CSA) reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink. Cyclops Blink appears to… Read more

Original release date: February 23, 2022 Summary The Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework. The United Kingdom’s (UK) National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National… Read more

Original release date: February 21, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accel-ppp — accel-ppp The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to… Read more

Original release date: February 18, 2022 CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which… Read more

Original release date: February 18, 2022 The New Zealand National Cyber Security Centre (NCSC-NZ) has released a General Security Advisory (GSA) on preparing for cyber threats relating to tensions between Russia and Ukraine. The advisory recommends organizations review their security posture and monitor for cyber incidents and provides additional resources to help protect against potential… Read more

Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. Read more

Original release date: February 18, 2022 CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity… Read more

An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders. Read more