Author: DEFENDEDGE
-
Netgear Smart Switches Open to Complete Takeover
The Demon’s Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks. Read more
-
Microsoft Releases Mitigations and Workarounds for CVE-2021-40444
Original release date: September 7, 2021 Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrators to review… Read more
-
Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed. Read more
-
Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to “What are we doing right?” instead of the constant reminders of what’s not working in fending off threats. Read more
-
Vulnerability Summary for the Week of August 30, 2021
Original release date: September 6, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info atlassian — confluence In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code… Read more
-
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster. Read more
-
CISA Insights on Risk Considerations for Managed Service Provider Customers
Original release date: September 3, 2021 CISA has released a new CISA Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides Managed Service Provider (MSP) customers a framework for reducing risk. This framework is designed for government and private sector organizations of all sizes, and it suggests considerations for IT management planning, best… Read more
-
Atlassian Releases Security Updates for Confluence Server and Data Center
Original release date: September 3, 2021 On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting Confluence Server and Data Center. Recently, CVE-2021-26084 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. CISA urges users… Read more
-
SEC Fines Three Financial Advisory Firms Due To The Failure To Protect Customer PII
U.S. Securities and Exchange Commission (SEC) regulators sanctioned eight entities associated with three financial advisory firms for failing to protect the personally identifying information (PII) of thousands of their customers whose email accounts were hacked. The SEC separately charged five entities tied to Cetera Entities, two associated with Cambridge Investment Research and KMS Financial Services… Read more
-
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
The BrakTooth set of security vulnerabilities impacts at least 11 vendors’ chipsets. Read more