ClearInfosec TIB Logo
Date:Jul 21, 2021
 
      Cyber Security News
  Facebook says it disrupted Iranian hacking campaign tied to Tortoiseshell gang
On Facebook, roughly 200 accounts associated with the cyber espionage campaign were blocked and taken down.
Read More...
  SonicWall Warns Secure VPN Hardware Bugs Under Attack
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack.
Read More...
  Chinese APT LuminousMoth abuses Zoom brand to target govt agencies
Fake Zoom apps are being spread to conduct cyber surveillance.
Read More...
  MITRE announces first evaluations of cybersecurity tools for industrial control systems
MITRE tested products using the Triton malware, which was used to attack the industrial systems of companies in Saudi Arabia.
Read More...
  HP patches vulnerable driver lurking in printers for 16 years
Cyberattackers could exploit the bug to secure system-level privileges.
Read More...
      Best Practices
  CISA: China successfully targeted US oil and natural gas infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) issued on July 20, 2021, an alert (AA-22-2021A) addressing the successful Chinese intrusion of th...
Read More...
  US charges four suspected Chinese spies who coordinated APT40 hackers
On Monday, the US, EU, UK, NATO and other allies publicly attributed the cyberattacks that compromised thousands of organizations earlier this year through M...
Read More...
  Business email compromise (BEC) attacks take phishing to the next level
Business email compromise definitionTo read this article in full, please click here(Insider Story)
Read More...
      New Threats and Vulnerabilities
  CVE-2021-20439
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized us...
Read More...
  CVE-2021-21587
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerabil...
Read More...
  CVE-2021-36772
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
Read More...
  CVE-2021-34467
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34468, CVE-2021-34520.
Read More...
  CVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access t...
Read More...
      Patch Management
  Phishing continues to be one of the easiest paths for ransomware
A Cloudian survey found that 65% of victims that reported phishing as the entry point had conducted anti-phishing training for employees.
Read More...
  US offers $10 million reward in hunt for state-sponsored ransomware attackers
The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign g...
Read More...
  Toddler mobile banking malware surges across Europe
The Android malware is a new and persistent threat to European citizens and banks alike.
Read More...