Sign Up – No Cost!

Category: alerts

Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.

  • Thousands of University Wi-Fi Networks Expose Log-In Credentials

    DEFENDEDGE

    Multiple configuration flaws in a free Wi-Fi network used by numerous universities can allow access to usernames and passwords of students and faculty who connect to the system from Android and Windows devices, researchers have found. A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe,… Read more

  • Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

    DEFENDEDGE

    Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. Read more

  • Keep Attackers Out of VPNs: Feds Offer Guidance

    DEFENDEDGE

    The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. Read more

  • Apple AirTag Zero-Day Weaponizes Trackers

    DEFENDEDGE

    Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. Read more

  • CISA and NSA Release Guidance on Selecting and Hardening VPNs

    DEFENDEDGE

    Original release date: September 28, 2021 The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable… Read more

  • RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

    DEFENDEDGE

    Original release date: September 28, 2021 Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device.   CISA encourages users and administrators to review Hikvision’s Security Advisory HSRC-202109-01 and apply the latest firmware… Read more

  • Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

    DEFENDEDGE

    The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. Read more

  • 5 Steps to Securing Your Network Perimeter

    DEFENDEDGE

    Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. Read more

  • Vulnerability Summary for the Week of September 20, 2021

    DEFENDEDGE

    Original release date: September 27, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ffmpeg — ffmpeg Buffer Overflow vulnerability in function… Read more

  • VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

    DEFENDEDGE

    Original release date: September 24, 2021 On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server. On September 24, 2021, VMware confirmed reports that… Read more