Category: alerts
Category Added in a WPeMatico Campaign
-
FreakOut Botnet Turns DVRs Into Monero Cryptominers
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems. Read more
-
Mandating a Zero-Trust Approach for Software Supply Chains
Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains. Read more
-
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances
Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users. Read more
-
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza. Read more
-
Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign
Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers. Read more
-
Microsoft Releases October 2021 Security Updates
Original release date: October 12, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment Information and apply the necessary updates. This product… Read more
-
Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers. Read more
-
Apple Releases Security Update to Address CVE-2021-30883
Original release date: October 12, 2021 Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users to review the Apple security page for iOS 15.0.2 and iPadOS… Read more
-
Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation. Read more
-
Vulnerability Summary for the Week of October 4, 2021
Original release date: October 11, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info archibus — web_central ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another… Read more