Our news
-
Vulnerability Summary for the Week of November 29, 2021
Original release date: December 6, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abb — rtu500_firmware Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU…
-
Pegasus Spyware Infects U.S. State Department iPhones
It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy.
-
What Are Your Top Cloud Security Challenges? Threatpost Poll
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
-
Threat Group Takes Aim Again at Cloud Platform Provider Zoho
Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.
-
CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Original release date: December 2, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305. This vulnerability was addressed by the…
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and…
-
NSA and CISA Release Part III of Guidance on Securing 5G Cloud Infrastructures
Original release date: December 2, 2021 CISA has announced the joint National Security Agency (NSA) and CISA publication of the third of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part III: Data Protection examines security during all phases of the data lifecycle—in transit, in use, and at rest. The guidance focuses on protecting the confidentiality,…
-
Mozilla Releases Security Updates for Network Security Services
Original release date: December 2, 2021 Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for NSS and apply the necessary update. This product is provided…
-
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
-
How Decryption of Network Traffic Can Improve Security
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.