Category: alerts
Category Added in a WPeMatico Campaign
-
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL. Read more
-
Top 3 API Vulnerabilities: Why Apps are Pwned by Cyberattackers
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them. Read more
-
WooCommerce Pricing Plugin Allows Malicious Code-Injection
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers. Read more
-
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. Read more
-
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
HPE joins Apple in warning customers of a high-severity Sudo vulnerability. Read more
-
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims’ personal information, sensitive company data and more. Read more
-
Vulnerability Summary for the Week of August 23, 2021
Original release date: August 30, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — bridge Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the… Read more
-
CISA Adds Single-Factor Authentication to list of Bad Practices
Original release date: August 30, 2021 Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system.… Read more
-
Microsoft Azure Cosmos DB Guidance
Original release date: August 27, 2021 CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft’s guidance… Read more
-
Winning the Cyber-Defense Race: Understand the Finish Line
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It’s not achieving visibility. Read more