Author: DEFENDEDGE
-
5 Cybersecurity Trends to Watch in 2022
Here’s what cybersecurity watchers want infosec pros to know heading into 2022. Read more
-
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. Read more
-
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. Read more
-
Vulnerability Summary for the Week of December 20, 2021
Original release date: December 27, 2021. High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info). adobe — dimension: Adobe Dimension versions 3.4.3 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context… Read more
-
Global Cyberattacks from Nation-State Actors Posing Greater Threats
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. Read more
-
The 5 Most-Wanted Threatpost Stories of 2021
A look back at what was hot with readers in this second year of the pandemic. Read more
-
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. Read more
-
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. Read more
-
Apache Releases Security Update for HTTP Server
Original release date: December 22, 2021. The Apache Software Foundation has released Apache HTTP Server 2.4.52. This version addresses vulnerabilities—CVE-2021-44790 and CVE-2021-44224—that a remote attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Apache announcement and update as soon as possible. This product is provided subject to… Read more
-
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Read more