Category: alerts
-
Microsoft, Adobe Exploits Top List of Crooks’ Wish List
You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market. Read more
-
Magecart Goes Server-Side in Latest Tactics Changeup
The latest Magecart iteration is finding success with a new PHP web shell skimmer. Read more
-
Vulnerability Summary for the Week of May 10, 2021
Original release date: May 17, 2021. The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor… Read more
-
CISOs Struggle to Cope with Mounting Job Stress
Pandemic and evolving IT demands are having a major, negative impact on CISOs’ mental health, a survey found. Read more
-
Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers. Read more
-
‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor. Read more
-
CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise
Original release date: May 14, 2021. CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally, CISA has publicly issued Emergency Directive (ED) 21-01 Supplemental Direction Version… Read more
-
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting. Read more
-
WordPress Releases Security Update
Original release date: May 13, 2021. WordPress versions between 3.7 and 5.7.1 are affected by a security vulnerability. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.7.2. This product is provided subject to this Notification… Read more
-
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. Read more