ClearInfosec TIB Logo
Date:Sep 29, 2021
 
      Cyber Security News
  Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear te...
Read More...
  Microsoft Warns of FoggyWeb Malware Targeting AD FS Servers
The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.
Read More...
  BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms
Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming plat...
Read More...
  Zero Trust Comes to Industrys Broadest Cybersecurity Platform
Trend Micro Zero Trust Risk Insights continuously reveals and prioritizes risks for better decision making.
Read More...
  38 Billion Users’ Combined Clubhouse Facebook Data Up for Sale
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.  
Read More...
  TangleBot Campaign Underscores SMS Threat
The attack targets Android devices and starts with a malicious SMS message that aims to bring malware onto compromised devices.
Read More...
      Best Practices
  Breach reporting required for health apps and devices FTC says
The Federal Trade Commission (FTC) commissioners, in a split-vote (3-2), issued a policy statement on September 15, requiring both health applications and co...
Read More...
  Thoma Bravo Completes Strategic Investment in Intel 471
Intel 471 is a provider of cyber threat intelligence for leading enterprises and governments.
Read More...
  75K Email Inboxes Hit in New Credential Phishing Campaign
Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says.
Read More...
      New Threats and Vulnerabilities
  CVE-2020-4690
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound ...
Read More...
  CVE-2021-1546
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to i...
Read More...
  CVE-2021-21913
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to ...
Read More...
  CVE-2021-22941
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zon...
Read More...
  CVE-2021-33035
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data ...
Read More...
  CVE-2021-33907
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when perfor...
Read More...
      Patch Management
  US Government tells firms not to give in to ransomware demands as first crypto exchange sanctioned for laundering cyber ransoms
The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands, as for...
Read More...
  Exploit released for VMware vulnerability after CISA warning
VMware, CISA and many experts have been begging people to address the CVE-2021-22005 issue.
Read More...
  Gamers Beware: Malware Hunts Steam Epic and EA Origin Accounts
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.
Read More...