Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
-
Critical ForgeRock Access Management Vulnerability
Original release date: July 12, 2021 Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability… Read more
-
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. Read more
-
Microsoft Office Users Warned on New Malware-Protection Bypass
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it. Read more
-
Coursera Flunks API Security Test in Researchers’ Exam
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data. Read more
-
CISA Releases Analysis of FY20 Risk and Vulnerability Assessments
Original release date: July 8, 2021 CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors. The analysis details a sample attack path a cyber threat actor could take to compromise an organization with weaknesses that are representative of… Read more
-
MacOS Targeted in WildPressure APT Malware Campaign
Threat actors enlist compromised WordPress websites in campaign targeting macOS users. Read more
-
Critical Sage X3 RCE Bug Allows Full System Takeovers
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data. Read more
-
Why I Love (Breaking Into) Your Security Appliances
David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them. Read more
-
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date. Read more
-
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Original release date: July 6, 2021 Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related… Read more