Our news
-
Cisco Releases Security Updates for RV Series Routers
Original release date: February 3, 2022 Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators…
-
Supply-Chain Security Is Not a Problem…It’s a Predicament
Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them.
-
KP Snacks Left with Crumbs After Ransomware Attack
The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening empty supermarket shelves lasting for weeks.
-
Thousands of Malicious npm Packages Threaten Web Apps
Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.
-
Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft
Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn.
-
Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.
-
Public Exploit Released for Windows 10 Bug
The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.
-
FBI Releases PIN on Potential Cyber Activities During the 2022 Beijing Winter Olympics and Paralympics
Original release date: February 1, 2022 The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that malicious cyber actors could use a broad range of cyber activities to disrupt these events. These activities include distributed denial-of-service…
-
Vulnerability Summary for the Week of January 24, 2022
Original release date: January 31, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — shenyu Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. 2022-01-25 7.5 CVE-2021-45029 CONFIRM MLIST MLIST asus — vc65-c1_firmware ASUS VivoMini/Mini…
-
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also “hack every website you’ve ever visited.”