Our news
-
Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers
Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities.
-
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
Original release date: April 8, 2021 Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. CISA created Sparrow to support hunts for threat activity following…
-
Azure Functions Weakness Allows Privilege Escalation
Microsoft’s cloud-container technology allows attackers to directly write to files, researchers said.
-
Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
Industrial enterprises in Europe are target of campaign, which forced a shutdown of industrial processes in at least one of its victims’ networks, according to researchers.
-
Facebook: Stolen Data Scraped from Platform in 2019
The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators.
-
Critical Cloud Bug in VMWare Carbon Black Allows Takeover
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain.
-
SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
-
Malicious Cyber Activity Targeting Critical SAP Applications
Original release date: April 6, 2021 SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management. On April 6 2021, security researchers from Onapsis, in coordination with…
-
Apple Mail Zero-Click Security Vulnerability Allows Email Snooping
The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.
-
How To Defend the Extended Network Against Web Risks
Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.