Author: DEFENDEDGE
-
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood. Read more
-
FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
Original release date: October 27, 2021 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late 2020. CISA encourages users and administrators to review the IOCs and technical details in… Read more
-
Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. Read more
-
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner. Read more
-
Why the Next-Generation of Application Security Is Needed
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. Read more
-
Defending Assets You Don’t Know About Against Cyberattacks
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality. Read more
-
BillQuick Billing App Rigged to Inflict Ransomware
A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware. Read more
-
NOBELIUM Attacks on Cloud Services and other Technologies
Original release date: October 25, 2021 Microsoft has released a blog on NOBELIUM attacks on cloud services and other technologies. CISA urges users and administrators to review [NOBELIUM targeting delegated administrative privileges to facilitate broader attacks] and apply the necessary mitigations. This product is provided subject to this Notification and this Privacy & Use policy. Read more
-
CISA Urges Sites to Patch Critical RCE in Discourse
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central. Read more
-
Vulnerability Summary for the Week of October 18, 2021
Original release date: October 25, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — ops-cli Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file.… Read more