ClearInfosec TIB Logo
Date:Sep 22, 2021
 
      Cyber Security News
  CISA FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
Read More...
  Texas California New York Louisiana Missouri lead list of states with most ransomware attacks on schools: report
A Comparitech study tracked more than 220 ransomware attacks on schools in the US since 2018.
Read More...
  Passport info and healthcare data leaked from Indonesias COVID-19 test-and-trace app for travelers
About 1.3 million people had their sensitive personal data, COVID-19 test results and more exposed on an open server.
Read More...
  T-Mobile hack: Everything you need to know
More than 50 million T-Mobile customers were affected by the hack and about 48 million social security number were accessed.
Read More...
  Ransomware attackers targeted app developers with malicious Office docs says Microsoft
Hackers linked to ransomware deployments used a recently discovered flaw to target application developers.
Read More...
  ‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.
Read More...
      Best Practices
  HP CISO Joanna Burkey: Securing remote workers requires a collaborative approach
Tensions between IT teams and employees working from home threaten the security of organizations, with attempts to increase or update security for remote wor...
Read More...
  How CISOs and CIOs should share cybersecurity ownership
In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective ru...
Read More...
  7 unexpected ransomware costs
Ransomware is one of the fastest-growing cybersecurity attacks. One of the factors that makes these threats especially intimidating is that the costs can be ...
Read More...
  How APTs become long-term lurkers: Tools and techniques of a targeted attack
Detecting compromises by highly skilled attackers is no easy task, requiring advanced network traffic monitoring, behavioral analysis of endpoint logs, and e...
Read More...
      New Threats and Vulnerabilities
  CVE-2021-29825
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID:...
Read More...
  CVE-2021-41079
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+...
Read More...
  CVE-2021-41314
Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme...
Read More...
  CVE-2021-31917
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all ...
Read More...
  CVE-2021-20037
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially...
Read More...
  CVE-2021-31844
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code wi...
Read More...
      Patch Management
  Managing cyber risk through integrated supply chains
A bug unravels 3D printer security, cryptocurrency sites can't stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife's kn...
Read More...
  CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus
Zoho released a patch for the issue on September 6.
Read More...
  This banking Trojan abuses YouTube to manage remote settings
The spam-spread malware is another headache for Latin America in the cybersecurity realm.
Read More...
  Ransomware attackers targeted app developers with malicious Office docs says Microsoft
Hackers linked to ransomware deployments used a recently discovered flaw to target application developers.
Read More...
  Turla hacking group launches new backdoor in attacks against US Afghanistan
The Russian cyberattackers are using the new module to become more stealthy.
Read More...