Date: Aug 25, 2021
 
      Cyber Security News
  Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day
Cybersecurity watchdog Citizen Lab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new...
  B Braun updates faulty IV pump after McAfee discovers vulnerability allowing attackers to change doses
The vulnerability has been patched by B. Braun but McAfee said hospitals routinely use out-of-date tools and software.
  Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
  Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and...
  446 Australian breach notifications with 30% of system faults found after a year
976 data breach notifications were made to the OAIC in the 2020-21 financial year, with health keeping its crown as the most breached sector. In the second half...
  Microsoft Power Apps misconfiguration exposes 38 million data records
The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City, says Upguard.
      Best Practices
  How attackers could exploit breached T-Mobile user data
T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. The exposed details diffe...
  OnePercent ransomware group hits companies via IceID banking Trojan
The FBI is warning companies that a ransomware group calling itself OnePercent or 1Percent is leveraging the IceID Trojan and the Cobalt Strike backdoor to g...
  BrandPost: The CIS Benchmarks Community Consensus Process
The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The...
      New Threats and Vulnerabilities
  CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regard...
  CVE-2021-28634
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralizatio...
  CVE-2021-29704
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
  CVE-2021-22238
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.
  CVE-2021-39614
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext pass...
      Patch Management
  Half of MS Exchange servers at risk in ProxyShell debacle
The No More Ransom website has become one of the first ports of call for any individual or company whose computer has been hit by a ransomware attack.
  Half of APAC firms bypass processes to accommodate remote work
Some 56% of businesses in the region admit to sidestepping digital measures so new requirements for flexible work arrangements can be implemented, despite 48% e...
  Apple, Microsoft and Amazon chiefs to meet Biden over critical infrastructure cyber attacks
US President invites CEOs of US tech giants to discuss how critical infrastructure can be protected from foreign cyber attackers.
  Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.