Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and… Read more
-
NSA and CISA Release Part III of Guidance on Securing 5G Cloud Infrastructures
Original release date: December 2, 2021 CISA has announced the joint National Security Agency (NSA) and CISA publication of the third of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part III: Data Protection examines security during all phases of the data lifecycle—in transit, in use, and at rest. The guidance focuses on protecting the confidentiality,… Read more
-
Mozilla Releases Security Updates for Network Security Services
Original release date: December 2, 2021 Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for NSS and apply the necessary update. This product is provided… Read more
-
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. Read more
-
How Decryption of Network Traffic Can Improve Security
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing. Read more
-
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Original release date: December 1, 2021 CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the… Read more
-
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks
The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks. Read more
-
IKEA Hit by Email Reply-Chain Cyberattack
IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads. Read more
-
Unpatched Windows Zero-Day Allows Privileged File Access
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug. Read more
-
Vulnerability Summary for the Week of November 22, 2021
Original release date: November 29, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 4mosan — gcb_doctor 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt… Read more