Category: alerts

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them. Read more

Original release date: November 3, 2021 The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) on ransomware actors using significant financial events, such as mergers and acquisitions, to target and leverage victim companies. CISA encourages users and administrators to review Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate… Read more

Original release date: November 3, 2021 CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to addresses vulnerabilities that establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. To support this Directive, CISA has established a catalog of relevant… Read more

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components. Read more

‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations. Read more

An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems. Read more

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. Read more

Original release date: November 1, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or… Read more

Original release date: October 29, 2021 GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to update to GoCD 21.3.0… Read more

Original release date: October 28, 2021 The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts by threat actors who have gained initial… Read more