Category: alerts

David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding “hacker logic” can help prioritize defenses. Read more

Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers. Read more

Threatpost explores 5 big takeaways from 2020 — and what they mean for 2021. Read more

In-depth report looks at how COVID-19 research has become as a juicy new target for organized cybercrime. Read more

Original release date: December 28, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor —… Read more

Original release date: December 24, 2020 CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen… Read more

The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Read more

Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it. Read more

Original release date: December 23, 2020 CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this… Read more

Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world. Read more