Author: DEFENDEDGE
-
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets. Read more
-
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. Read more
-
Vulnerability Summary for the Week of December 27, 2021
Original release date: January 4, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — log4j Apache Log4j2 versions 2.0-beta7 through… Read more
-
What the Rise in Cyber-Recon Means for Your Security Strategy
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. Read more
-
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Read more
-
5 Cybersecurity Trends to Watch in 2022
Here’s what cybersecurity watchers want infosec pros to know heading into 2022. Read more
-
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. Read more
-
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. Read more
-
Vulnerability Summary for the Week of December 20, 2021
Original release date: December 27, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context… Read more
-
Global Cyberattacks from Nation-State Actors Posing Greater Threats
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. Read more