Our news
-
VMware Releases Multiple Security Updates
Original release date: February 24, 2021 VMware has released security updates to address multiple vulnerabilities–CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates. This…
-
Nvidia’s Anti-Cryptomining Chip May Not Discourage Attacks
The hotly anticipated ray-tracing, advanced gaming graphics chip will throttle Ethereum mining.
-
Daycare Webcam Service Exposes 12,000 User Accounts
NurseryCam suspends service across 40 daycare centers until a security fix is in place.
-
CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance
Original release date: February 24, 2021 The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal, and state, local, tribal, and territorial government…
-
AA21-055A: Exploitation of Accellion File Transfer Appliance
Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including…
-
IBM Squashes Critical Remote Code-Execution Flaw
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.
-
SonicWall Releases Additional Patches
Original release date: February 23, 2021 SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system. CISA encourages users and administrators to…
-
Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
The threat actors stole data and used Clop’s leaks site to demand money in an extortion scheme, though no ransomware was deployed.
-
Vulnerability Summary for the Week of February 15, 2021
Original release date: February 22, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accellion — fta Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. 2021-02-16 7.2 CVE-2021-27102 MISC MISC accellion —…
-
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.