Category: alerts
Category Added in a WPeMatico Campaign
-
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
Original release date: November 4, 2021 On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range… Read more
-
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor. Read more
-
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members. Read more
-
Predicting the Next OWASP API Security Top 10
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them. Read more
-
FBI Releases PIN on Attacks Using Significant Financial Events for Extortion
Original release date: November 3, 2021 The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) on ransomware actors using significant financial events, such as mergers and acquisitions, to target and leverage victim companies. CISA encourages users and administrators to review Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate… Read more
-
CISA Issues BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities
Original release date: November 3, 2021 CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to addresses vulnerabilities that establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. To support this Directive, CISA has established a catalog of relevant… Read more
-
Android Patches Actively Exploited Zero-Day Kernel Bug
Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components. Read more
-
Apple macOS Flaw Allows Kernel-Level Compromise
‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations. Read more
-
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion
An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems. Read more
-
‘Trojan Source’ Hides Invisible Bugs in Source Code
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. Read more