Author: DEFENDEDGE

Original release date: December 6, 2021 Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild. CISA encourages users and… Read more

The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned. Read more

Original release date: December 6, 2021 CISA has released an Industrial Controls Systems (ICS) advisory detailing vulnerabilities in Distributed Data Systems WebHMI products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review ICS advisory ICSA-21-336-03 Distributed Data Systems WebHMI for more information and apply… Read more

Original release date: December 6, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abb — rtu500_firmware Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU… Read more

It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy. Read more

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll! Read more

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio. Read more

Original release date: December 2, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305.  This vulnerability was addressed by the… Read more

Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and… Read more

Original release date: December 2, 2021 CISA has announced the joint National Security Agency (NSA) and CISA publication of the third of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part III: Data Protection examines security during all phases of the data lifecycle—in transit, in use, and at rest. The guidance focuses on protecting the confidentiality,… Read more