Our news
-
Vulnerability Summary for the Week of June 14, 2021
Original release date: June 21, 2021
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
bloofox — bloofoxcms | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). | 2021-06-16 | 7.5 | CVE-2020-35760 MISC
google — android | In avrc_msg_cback of avrc_api.cc, there is…
-
What’s Making Your Company a Ransomware Sitting Duck
What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?
-
REvil Was Behind JBS Cyberattack
JBS, the world’s largest meat processing company, based in Brazil, has fallen victim to a Russian-speaking gang, REvil, which has made some of the largest ransomware demands on record. The attack targeted servers supporting JBS’s operation in North America and Australia. Backup servers weren’t affected and the company stated that it is not aware of…
-
Cisco Smart Switches Riddled with Severe Security Holes
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.
-
Ransomware Attacks
Within the past year, several known threat actors have been actively employing ransomware, exploiting vulnerabilities to cause massive disruptions in major industries and reap large financial gains. According to the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that…
-
Takeaways from the Colonial Pipeline Ransomware Attack
The incident showcases basic steps that organizations can take to protect themselves as ransomware gangs get smarter.
-
Millions of Connected Cameras Open to Eavesdropping
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
-
Peloton Bike+ Bug Gives Hackers Complete Control
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.
-
Apple Releases Security Updates for iOS 12.5.4
Original release date: June 15, 2021 Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates.
-
Apple Hurries Patches for Safari Bugs Under Active Attack
Apple patched two bugs impacting the WebKit engine of its Safari browser that it said are actively being exploited.