Category: alerts

Category Added in a WPeMatico Campaign

  • Vulnerability Summary for the Week of July 26, 2021

    Original release date: August 2, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info naviwebs — navigatecms In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend… Read more

  • NSA Warns Public Networks are Hacker Hotbeds

    Agency warns attackers targeting teleworkers to steal corporate data. Read more

  • CISA Announces Vulnerability Disclosure Policy (VDP) Platform

    Original release date: July 30, 2021 CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can… Read more

  • NSA Releases Guidance on Securing Wireless Devices While in Public

    Original release date: July 30, 2021 The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on malicious techniques used by cyber actors… Read more

  • CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

    There are patches or remediations for all of them, but they’re still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do? Read more

  • Reboot of PunkSpider Tool at DEF CON Stirs Debate

    Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON. Read more

  • Podcast: Why Securing Active Directory Is a Nightmare

    Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam. Read more

  • AA21-209A: Top Routinely Exploited Vulnerabilities

    Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).  This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities… Read more

  • Top Routinely Exploited Vulnerabilities

    Original release date: July 28, 2021 CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by malicious actors in 2020 and those being widely… Read more

  • Zimbra Server Bugs Could Lead to Email Plundering

    Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. Read more