Category: alerts

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August. Read more

Original release date: September 16, 2021 The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year.     The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities,… Read more

Original release date: September 16, 2021 The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that… Read more

Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for  referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States… Read more

Original release date: September 16, 2021 Microsoft has released an update to address a remote code execution vulnerability in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update. This product… Read more

Original release date: September 16, 2021 Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates. SA-CORE-2021-006 SA-CORE-2021-007… Read more

Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw. Read more

A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming. Read more

Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said. Read more

Saryu Nayyar, CEO at Gurucul, peeks into Mitre’s list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers. Read more