Author: DEFENDEDGE
-
Apple macOS Flaw Allows Kernel-Level Compromise
‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations. Read more
-
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion
An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems. Read more
-
‘Trojan Source’ Hides Invisible Bugs in Source Code
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. Read more
-
Vulnerability Summary for the Week of October 25, 2021
Original release date: November 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or… Read more
-
GoCD Authentication Vulnerability
Original release date: October 29, 2021 GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to update to GoCD 21.3.0… Read more
-
NSA-CISA Series on Securing 5G Cloud Infrastructures
Original release date: October 28, 2021 The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts by threat actors who have gained initial… Read more
-
2021 CWE Most Important Hardware Weaknesses
Original release date: October 28, 2021 The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead… Read more
-
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti. Read more
-
WordPress Plugin Bug Lets Subscribers Wipe Sites
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media. Read more
-
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. Read more