Our news
-
AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
Original release date: March 3, 2021 Summary Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files…
-
CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities
Original release date: March 3, 2021 CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062 addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. CISA strongly recommends organizations examine their…
-
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Attackers have weaponized code dependency confusion to target internal apps at tech giants.
-
Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets
Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks on civil-society targets by a Chinese APT.
-
Jailbreak Tool Works on iPhones Up to iOS 14.3
The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.
-
Microsoft Releases Out-of-Band Security Updates for Exchange Server
Original release date: March 2, 2021 Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are…
-
Mobile Adware Booms, Online Banks Become Prime Target for Attacks
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.
-
Vulnerability Summary for the Week of February 22, 2021
Original release date: March 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info alleghenycreative — openrepeater OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. 2021-02-19 10 CVE-2019-25024 MISC MISC amaze_file_manager_project — amaze_file_manager Amaze File Manager before 3.5.1 allows attackers…
-
Firewall Vendor Patches Critical Auth Bypass Flaw
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.
-
NSA Releases Guidance on Zero Trust Security Model
Original release date: February 26, 2021 The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred. CISA…