ClearInfosec TIB
Date: Sep 15, 2021
 
      Cyber Security News
  This ransomware has returned with new techniques to make attacks more effective
LockBit ransomware has been around since 2019, but those behind it are adding new features and aggressively advertising to attract new cyber criminal affiliates...
  T-Mobile says information of more than 48 million customers leaked in breach
The hacker behind the attack claimed they had the information of 100 million T-Mobile customers.
  Ransomware: These four rising gangs could be your next major cybersecurity threat
Cybersecurity researchers at Palo Alto Networks detail four extortion groups that have gained traction in recent months, as the threat of ransomware continues t...
  446 Australian breach notifications with 30% of system faults found after a year
976 data breach notifications were made to the OAIC in the 2020-21 financial year, with health keeping its crown as the most breached sector. In the second half...
  Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts
A spokesperson said there was no impact on the Virginia Army National Guard or Virginia Air National Guard IT infrastructure.
      New Threats and Vulnerabilities
  CVE-2021-34786
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or g...
  CVE-2021-40284
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cg...
  CVE-2021-37414
Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.
  CVE-2021-20569
IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.
  CVE-2021-21489
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-S...
  CVE-2021-40866
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon...
  CVE-2021-29988
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitab...
      Patch Management
  Microsoft warns of a Windows zero-day security hole that is being actively exploited
In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against orga...
  Dell rolls out a set of new data security tools to address latency and scale issues
Dell announces three products that it claims will help keep enterprises secure while they grow.
  Microsoft: We've fixed Azure container flaw that could have leaked data
Microsoft has plugged a container escape flaw affecting Azure Container Instances.
  Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase
Barlow Respiratory Hospital in California escaped the worst of a recent ransomware attack but still had patient data posted to a leak site.
  Over 60 million wearable fitness tracking records exposed via unsecured database
Data sources included Apple's HealthKit and Fitbit.
  Adobe Snuffs Critical Bugs in Acrobat Experience Manager
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.
      Best Practices
  The case for a SaaS bill of material
President Biden’s cybersecurity Executive Order on Improving the Nation’s Cybersecurity has triggered massive buzz regarding software bills of material (SBOM...
  18 cybersecurity startups to watch
If you want to know what’s new in cybersecurity, watch what the startup vendors are doing. They typically begin with an innovative idea and are unfettered by...
  Federal agencies face new zero-trust cybersecurity requirements
As part of the Biden administration's wide-ranging cybersecurity executive order (EO) issued in May, the Office of Management and Budget (OMB) and the Cybers...
  8 pitfalls that undermine security program success
Some of the biggest breaches have come down to small mistakes. Hackers used a compromised password to access the company network via a virtual private network...