Our news
-
Critical SonicWall NAC Vulnerability Stems from Apache Mods
Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
-
CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
Original release date: January 11, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI,…
-
Millions of Routers Exposed to RCE by USB Kernel Bug
The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al.
-
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
Original release date: January 10, 2022 CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the…
-
Vulnerability Summary for the Week of January 3, 2022
Original release date: January 10, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info beyondtrust — appliance_base_software BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an…
-
URL Parsing Bugs Allow DoS, RCE, Spoofing & More
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
-
Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
-
EoL Systems Stonewalling Log4j Fixes for Fed Agencies
End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says.
-
Cyberattackers Hit Data of 80K Fertility Patients
Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
-
QNAP: Get NAS Devices Off the Internet Now
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.