Author: DEFENDEDGE

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution. Read more

NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime. Read more

The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other. Read more

Original release date: November 4, 2021 On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range… Read more

The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor. Read more

The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members. Read more

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them. Read more

Original release date: November 3, 2021 The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) on ransomware actors using significant financial events, such as mergers and acquisitions, to target and leverage victim companies. CISA encourages users and administrators to review Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate… Read more

Original release date: November 3, 2021 CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to addresses vulnerabilities that establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. To support this Directive, CISA has established a catalog of relevant… Read more

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components. Read more