Author: DEFENDEDGE
-
Coursera Flunks API Security Test in Researchers’ Exam
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.
-
CISA Releases Analysis of FY20 Risk and Vulnerability Assessments
Original release date: July 8, 2021. CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors. The analysis details a sample attack path a cyber threat actor could take to compromise an organization with weaknesses that are representative of…
-
MacOS Targeted in WildPressure APT Malware Campaign
Threat actors enlist compromised WordPress websites in campaign targeting macOS users.
-
Critical Sage X3 RCE Bug Allows Full System Takeovers
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data.
-
Why I Love (Breaking Into) Your Security Appliances
David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.
-
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The fix doesn’t cover the entire problem nor all affected systems, however, so the company is also offering workarounds and plans to release further remedies at a later date.
-
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Original release date: July 6, 2021. Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related…
-
CISA Releases Security Advisory for Philips Vue PAC Products
Original release date: July 6, 2021. CISA has released an Industrial Controls Systems (ICS) Medical Advisory detailing multiple vulnerabilities in multiple Philips Clinical Collaboration Platform Portal (officially registered as Vue PACS) products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the…
-
Western Digital Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.
-
Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.