Category: alerts

Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls. Read more

Original release date: November 24, 2020 With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions. CISA encourages online… Read more

Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes. Read more

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. Read more

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid. Read more

Original release date: November 23, 2020 VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review VMware Security Advisory VMSA-2020-0027… Read more

Original release date: November 23, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor… Read more

The popular U.K. soccer club confirmed an attack but said personal fan data remains secure. Read more

The critical and important-severity flaws were found by a team at the China-based Tiunfu Cup hacking challenge. Read more

The company patched a vulnerability that could connected video and audio calls without the knowledge of the person receiving them. Read more