Author: DEFENDEDGE

  • Keep Attackers Out of VPNs: Feds Offer Guidance

    The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. Read more

  • Apple AirTag Zero-Day Weaponizes Trackers

    Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. Read more

  • CISA and NSA Release Guidance on Selecting and Hardening VPNs

    Original release date: September 28, 2021 The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable… Read more

  • RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

    Original release date: September 28, 2021 Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device.   CISA encourages users and administrators to review Hikvision’s Security Advisory HSRC-202109-01 and apply the latest firmware… Read more

  • Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

    The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. Read more

  • A Look Into “Password Hygiene” and How to Implement It

    According to a 2020 study conducted by Stanford University, almost 90% of cyber security breaches are caused by human error. Though there are a variety of factors that contribute to this statistic, one of the main offenses is poor password hygiene. “Password hygiene” is the practice of ensuring your passwords are unique, secure, and difficult to crack. You can do your part toward improving… Read more

  • 5 Steps to Securing Your Network Perimeter

    Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. Read more

  • Vulnerability Summary for the Week of September 20, 2021

    Original release date: September 27, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ffmpeg — ffmpeg Buffer Overflow vulnerability in function… Read more

  • VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

    Original release date: September 24, 2021 On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server. On September 24, 2021, VMware confirmed reports that… Read more

  • Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

    Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Read more