🕴 Andariel Group Targets South Korean Entities in New Campaign 🕴
📖 Read
via "Dark Reading".
Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organzations.📖 Read
via "Dark Reading".
❌ Millions of Connected Cameras Open to Eavesdropping ❌
📖 Read
via "Threat Post".
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.📖 Read
via "Threat Post".
Threat Post
Millions of Connected Cameras Open to Eavesdropping
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
🕴 Security Experts Scrutinize Apple, Amazon IoT Networks 🕴
📖 Read
via "Dark Reading".
Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.📖 Read
via "Dark Reading".
Dark Reading
Security Experts Scrutinize Apple, Amazon IoT Networks
Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.
🕴 Microsoft Disrupts Large-Scale BEC Campaign Across Web Services 🕴
📖 Read
via "Dark Reading".
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.📖 Read
via "Dark Reading".
🕴 Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet 🕴
📖 Read
via "Dark Reading".
Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.📖 Read
via "Dark Reading".
Dark Reading
Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet
Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.
‼ CVE-2021-34170 ‼
📖 Read
via "National Vulnerability Database".
Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21316 ‼
📖 Read
via "National Vulnerability Database".
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30550 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24037 ‼
📖 Read
via "National Vulnerability Database".
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32623 ‼
📖 Read
via "National Vulnerability Database".
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9493 ‼
📖 Read
via "National Vulnerability Database".
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.📖 Read
via "National Vulnerability Database".
❌ Peloton Bike+ Bug Gives Hackers Complete Control ❌
📖 Read
via "Threat Post".
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.📖 Read
via "Threat Post".
Threat Post
Peloton Bike+ Bug Gives Hackers Complete Control
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.
❌ Researchers: Booming Cyber-Underground Market for Initial-Access Brokers ❌
📖 Read
via "Threat Post".
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets.📖 Read
via "Threat Post".
Threat Post
Researchers: Booming Cyber-Underground Market for Initial-Access Brokers
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets.
‼ CVE-2021-21441 ‼
📖 Read
via "National Vulnerability Database".
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.📖 Read
via "National Vulnerability Database".
❌ 5 Tips to Prevent and Mitigate Ransomware Attacks ❌
📖 Read
via "Threat Post".
Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.📖 Read
via "Threat Post".
Threat Post
5 Tips to Prevent and Mitigate Ransomware Attacks
Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.
🦿 The many ways a ransomware attack can hurt your organization 🦿
📖 Read
via "Tech Republic".
Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.📖 Read
via "Tech Republic".
TechRepublic
The many ways a ransomware attack can hurt your organization
Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.
⚠ Clop ransomware suspects busted in Ukraine, money and motors seized ⚠
📖 Read
via "Naked Security".
Victims in South Korea and the USA, suspects busted in Ukraine.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🕴 Don't Get Stymied by Security Indecision 🕴
📖 Read
via "Dark Reading".
You might be increasing cyber-risk by not actively working to reduce it.📖 Read
via "Dark Reading".
Dark Reading
Cyber Risk recent news | Dark Reading
Explore the latest news and expert commentary on Cyber Risk, brought to you by the editors of Dark Reading
‼ CVE-2021-27485 ‼
📖 Read
via "National Vulnerability Database".
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31857 ‼
📖 Read
via "National Vulnerability Database".
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.📖 Read
via "National Vulnerability Database".
🦿 Akamai adds automation and machine learning to protect user accounts, APIs and applications 🦿
📖 Read
via "Tech Republic".
Edge platform cybersecurity enhancements are intended to increase responsiveness and augment decision-making, the company said.📖 Read
via "Tech Republic".
TechRepublic
Akamai adds automation and machine learning to protect user accounts, APIs and applications
Edge platform cybersecurity enhancements are intended to increase responsiveness and augment decision-making, the company said.