Our news
-
‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells.
-
F5 Bug Could Lead to Complete System Takeover
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.
-
Cisco Issues Critical Fixes for High-End Nexus Gear
Networking giant issues two critical patches and six high-severity patches.
-
Microsoft Breaks Silence on Barrage of ProxyShell Attacks
versions of the software are affected by a spate of bugs under active exploitations.
-
Win10 Admin Rights Tossed Off by Yet Another Plug-In
Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.
-
F5 Releases August 2021 Security Advisory
Original release date: August 25, 2021 F5 has released a security advisory on vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ for August 2021. CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible. This product is provided subject to this…
-
Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day
Cybersecurity watchdog CitizenLab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple’s new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time.
-
CISA Releases Five Pulse Secure-Related MARs
Original release date: August 24, 2021 As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following five malware analysis reports (MARs) for threat actor tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs),…
-
ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
-
Vulnerability Summary for the Week of August 16, 2021
Original release date: August 23, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info cisco — application_extension_platform A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an…