Blog - Defend Edge

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities.

Building a Fortress: 3 Key Strategies for Optimized IT Security

Chris Hass, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize.

Vulnerability Summary for the Week of March 22, 2021

Original release date: March 29, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. 2021-03-22 7.5 CVE-2021-26295 MLIST CONFIRM MLIST MLIST MLIST apache —…

Employee Lockdown Stress May Spark Cybersecurity Risk

Younger employees and caregivers report more stress than other groups– and more shadow IT usage.

Network Security Infrastructure

Network Security Infrastructure “Cybercrime is the greatest threat to every company in the world.” a quote by Ginni Rometty, IBM’s executive chairman, and previous CEO. So why do so many companies wait until they have been breached to implement any sort of security infrastructure? The answer is money. If you do not pay now you…

Vulnerability Summary for the Week of March 15, 2021

Original release date: March 22, 2021 | Last revised: March 24, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — creative_cloud_desktop _application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call…

Cyberwarfare: The Technology Attack

Cyberwarfare: The Technology Attack What is Cyberwarfare? There is still widespread debate around the true definition of “cyberwarfare.’ Some experts define it as an “extension of policy by actions taken in cyberspace by state actors that constitute a serious threat to another state’s security.” Others in the field believe that cyberwarfare is the “use of…

AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical…

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

A glitch in Zoom’s screen-sharing feature shows parts of presenters’ screens that they did not intend to share – potentially leaking emails or passwords.

Tutor LMS for WordPress Open to Info-Stealing Security Holes

The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.

Our news