Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
-
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. Read more
-
Vulnerability Summary for the Week of December 20, 2021
Original release date: December 27, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context… Read more
-
Global Cyberattacks from Nation-State Actors Posing Greater Threats
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. Read more
-
The 5 Most-Wanted Threatpost Stories of 2021
A look back at what was hot with readers in this second year of the pandemic. Read more
-
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. Read more
-
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. Read more
-
Apache Releases Security Update for HTTP Server
Original release date: December 22, 2021 The Apache Software Foundation has released Apache HTTP Server 2.4.52. This version addresses vulnerabilities—CVE-2021-44790 and CVE-2021-44224—that a remote attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Apache announcement and update as soon as possible. This product is provided subject to… Read more
-
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Read more
-
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Original release date: December 22, 2021 CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially… Read more
-
AA21-356A: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Original release date: December 22, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the… Read more