Author: DEFENDEDGE
-
Mobile Adware Booms, Online Banks Become Prime Target for Attacks
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. Read more
-
Vulnerability Summary for the Week of February 22, 2021
Original release date: March 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info alleghenycreative — openrepeater OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. 2021-02-19 10 CVE-2019-25024 MISC MISC amaze_file_manager_project — amaze_file_manager Amaze File Manager before 3.5.1 allows attackers… Read more
-
Firewall Vendor Patches Critical Auth Bypass Flaw
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users. Read more
-
NSA Releases Guidance on Zero Trust Security Model
Original release date: February 26, 2021 The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred. CISA… Read more
-
Tax Season Ushers in Quickbooks Data-Theft Spike
Quickbooks malware targets tax data for attackers to sell and use in phishing scams. Read more
-
Cisco Warns of Critical Auth-Bypass Security Flaw
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. Read more
-
VMWare Patches Critical RCE Flaw in vCenter Server
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system. Read more
-
Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
Original release date: February 24, 2021 Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 78.8, Firefox ESR 78.8, and Firefox 86. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories and apply the necessary updates. This… Read more
-
VMware Releases Multiple Security Updates
Original release date: February 24, 2021 VMware has released security updates to address multiple vulnerabilities–CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates. This… Read more
-
Nvidia’s Anti-Cryptomining Chip May Not Discourage Attacks
The hotly anticipated ray-tracing, advanced gaming graphics chip will throttle Ethereum mining. Read more