ClearInfosec TIB
Date: Aug 18, 2021
 
      Cyber Security News
  Half of vulnerabilities Singapore government finds via bounties, disclosures are valid
Amongst more than 1,000 vulnerability reports involving government systems submitted via bug bounties and public disclosure schemes, 496 have been ascertained t...
  This password-stealing Windows malware is distributed via ads in search results
MosaicLoader can be used to steal passwords, install cryptocurrency miners and deliver trojan malware warn researchers, who say those behind it want to sell acc...
  Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
  DHS releases new mandatory cybersecurity rules for pipelines after Colonial ransomware attack
CISA also sent out an alert saying 13 pipelines had been successfully attacked between 2011 and 2013.
  AdLoad Malware 2021 Samples Skate Past Apple XProtect
A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren't recognized by Apple's built-in security controls....
      Best Practices
  6 risk factors to know when hiring an MSSP
With enterprise adoption of managed security services gradually maturing, the rewards and risks of using these services have become a lot clearer for current...
  CISOs’ 15 top strategic priorities for 2021
Security's all-too-frequent appearance as a front-page headline-making topic has put CISOs in the hot seat as CEOs and boards worry that it could be their na...
  IoT devices have serious security deficiencies due to bad random number generation
The confidentiality and integrity assurances of modern communication protocols rely on algorithms that generate secret tokens that attackers cannot guess. Th...
      New Threats and Vulnerabilities
  CVE-2020-36363
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be we...
  CVE-2021-20509
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused...
  CVE-2021-26423
.NET Core and Visual Studio Denial of Service Vulnerability
  CVE-2021-26428
Azure Sphere Information Disclosure Vulnerability
  CVE-2021-26424
Windows TCP/IP Remote Code Execution Vulnerability
  CVE-2021-34398
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which...
      Patch Management
  Accenture hit by apparent ransomware attack
Accenture appears to have been hit by the LockBit ransomware gang, who are offering to sell data stolen from the global consultancy firm to interested parties.
  NCSC for Startups initiative launched with Plexal
17 domains used in Business Email Compromise (BEC) scams have been seized by Microsoft's Digital Crimes Unit (DCU), following an investigation by the software g...
  Cornell University researchers discover code-poisoning attack
The attack would allow people to compromise email accounts, affect machine learning models and more.
  T-Mobile says hackers accessed user data but won't confirm SSN breach of 100 million customers
The hacker selling the data had social security numbers, driver's license info, phone numbers, names, addresses and IMEI numbers.