Category: alerts


  • TikTok, GitHub, Facebook Join Open-Source Bug Bounty

    The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.

  • NETGEAR Releases Security Updates for RCE Vulnerability

    Original release date: September 21, 2021. NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review NETGEAR’s Security Advisory and update to the latest firmware. Given the increase in telework,…

  • Payment API Bungling Exposes Millions of Users’ Payment Data

    Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.

  • Vulnerability Summary for the Week of September 13, 2021

    Original release date: September 20, 2021. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info): zohocorp — manageengine_adselfservice_plus; Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.; 2021-09-10; 7.5; CVE-2021-37422 MISC. zohocorp — manageengine_adselfservice_plus; Zoho ManageEngine ADSelfService Plus 6111 and prior is…

  • Porn Problem: Adult Ads Persist on US Gov’t, Military Sites

    Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.

  • Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

    Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.

  • CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

    The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.

  • ACSC Releases Annual Cyber Threat Report

    Original release date: September 16, 2021. The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year. The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities,…

  • FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

    Original release date: September 16, 2021. The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that…

  • AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

    Original release date: September 16, 2021. Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States…