Author: DEFENDEDGE
-
Police Vouch for Hacker Who Guessed Trump’s Twitter Password
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October. Read more
-
Nuclear Weapons Agency Hacked in Widening Cyberattack – Report
Sources said the DoE suffered “damage” in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector. Read more
-
AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Original release date: December 17, 2020<br/><h3>Summary</h3><p class=”tip-intro” style=”font-size: 15px;”><em>This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the <a href=”https://attack.mitre.org/versions/v8/”>ATT&CK for Enterprise version 8</a> for all referenced threat actor tactics and techniques.</em></p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical… Read more
-
The SolarWinds Perfect Storm: Default Password, Access Sales and More
Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack. Read more
-
Easy WP SMTP Security Bug Can Reveal Admin Credentials
A poorly configured file opens users up to site takeover. Read more
-
Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The worm returned in recent attacks against web applications, IP cameras and routers. Read more
-
Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support. Read more
-
Apple Releases Security Updates for Multiple Products
Original release date: December 15, 2020 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iOS 14.3 and… Read more
-
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. Read more
-
Vulnerability Summary for the Week of December 7, 2020
Original release date: December 14, 2020 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acdsee — photo_studio_2021 PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. 2020-12-07 7.5 CVE-2020-29595 MISC anydesk — anydesk AnyDesk for macOS versions… Read more