Our news
-
AA21-265A: Conti Ransomware
Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK…
-
TikTok, GitHub, Facebook Join Open-Source Bug Bounty
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.
-
NETGEAR Releases Security Updates for RCE Vulnerability
Original release date: September 21, 2021 NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review NETGEAR’s Security Advisory and update to the latest firmware. Given the increase in telework,…
-
Payment API Bungling Exposes Millions of Users’ Payment Data
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
-
Vulnerability Summary for the Week of September 13, 2021
Original release date: September 20, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. 2021-09-10 7.5 CVE-2021-37422 MISC zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is…
-
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
-
Public Wi-Fi Safety
The use of public wi-fi has become a worldwide phenomenon over the last ten years with establishments offering free wi-fi in exchange for their business and attendance. Moreover, many companies are pushing for their workers to work remotely nowadays, thus increasing the availability and comfort of using free public wi-fi. However, anything deemed free in life will normally come with a…
-
Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed “Seventh Inferno” (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon’s Cries (CVSS…
-
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.
-
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.