Category: alerts

Category Added in a WPeMatico Campaign

  • Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data

    The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year. Read more

  • Mozilla Releases Security Update for Thunderbird

    Original release date: December 2, 2020 Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 78.5.1 and apply the necessary… Read more

  • Xerox Releases Security Updates for DocuShare

    Original release date: December 2, 2020 Xerox has released security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a vulnerability that could allow an unauthenticated attacker to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators review Xerox Mini Bulletin XRX20W and apply the necessary updates. This product is… Read more

  • iPhone Bug Allowed for Complete Device Takeover Over the Air

    Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May. Read more

  • Android Messenger App Still Leaking Photos, Videos

    The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers. Read more

  • Cayman Islands Bank Records Exposed in Open Azure Blob

    An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs. Read more

  • AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020<br/><h3>Summary</h3><p class=”tip-intro” style=”font-size: 15px;”><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href=”https://attack.mitre.org/versions/v7/techniques/enterprise/”>ATT&amp;CK for Enterprise</a> for all referenced threat actor tactics and techniques.</em></p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions… Read more

  • Electronic Medical Records Cracked Open by OpenClinic Bugs

    Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more. Read more

  • Post-Cyberattack, UVM Health Network Still Picking Up Pieces

    More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues. Read more

  • Vulnerability Summary for the Week of November 23, 2020

    Original release date: November 30, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor… Read more