Category: alerts

So much for Windows 10’s security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. Read more

Multiple vulnerabilities in software used by 65 vendors under active attack. Read more

Original release date: August 21, 2021 CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary… Read more

Original release date: August 21, 2021 The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments,… Read more

Original release date: August 21, 2021 Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all… Read more

Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks. Read more

Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. Read more

The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life. Read more

Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention. Read more

Original release date: August 19, 2021 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the… Read more