ClearInfosec TIB Logo
Date:Oct 06, 2021
 
      Cyber Security News
  Microsoft Warns of Uptick in MSHTML Attacks
Attackers leveraging the flaw are using infrastructure associated with other criminal groups, including ransomware-as-a-service operators, the company says.
Read More...
  15% of the Nasdaq 100 Is Highly Susceptible to a Ransomware Attack New Black Kite Research Finds
Black Kite’s Ransomware Susceptibility Index (RSI) determined that 1-in-7 Nasdaq-100 companies ranked as highly susceptible to a ransomware attack.
Read More...
  Groove Ransomware Gang Tries New Tactic to Attract Affiliates
The threat group, which leaked some 500,000 credentials for Fortinet SSL VPN devices, views ransomware as just one way to profit from compromised networks, expe...
Read More...
  Recent Breaches Underscore High Healthcare Security Risk
Healthcare institutions in California and Arizona are sending breach notification letters after attackers compromised thousands of patients' data.
Read More...
  Gamers Beware: Malware Hunts Steam Epic and EA Origin Accounts
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.
Read More...
  Flubot Malware Targets Androids With Fake Security Updates
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipi...
Read More...
      Best Practices
  46M Neiman Marcus Online Customers Alerted to Data Breach
The breach occurred in May 2020.
Read More...
  BrandPost: Think You Are Prepared for Ransomware? You’re Probably Not
Ransomware has increased nearly 1100% over the last year according to FortiGuard Labs research, impacting organizations of all sizes and across all market se...
Read More...
  Windows 11 Available: What Security Pros Should Know
Microsoft discusses the security requirements and changes coming to the newest version of its Windows operating system.
Read More...
  CISA Kicks Off Cybersecurity Awareness Month
CISA will dedicate October to encourage everyone to be cyber smart.
Read More...
  Misconfigured Apache Airflow Platforms Threaten Organizations
Security researchers found thousands of credentials for popular cloud-hosted services exposed on insecure instances of the popular workflow management technolog...
Read More...
  CVE Data Is Often Misinterpreted: Heres What to Look For
Common vulnerabilities and exposures (CVEs) contain actionable details that can help address your security concerns. Here's how to get more from CVE data.
Read More...
      New Threats and Vulnerabilities
  CVE-2021-20554
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th...
Read More...
  CVE-2021-21089
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds...
Read More...
  CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Read More...
  CVE-2021-36298
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially ex...
Read More...
  CVE-2021-3747
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
Read More...
  CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writi...
Read More...
      Patch Management
  Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks
Over 1.5 million stolen credential sets are being used by one fraud operation.
Read More...
  Ransomware gangs are complaining that other crooks are stealing their ransoms
Ransomware gangs are shocked to find out that cyber crooks will scam other criminals if they can.
Read More...
  Google just patched these two Chrome zero-day bugs that are under attack right now
More zero-day flaws pile up on Google Chrome in a year that saw flaws spike across all major software platforms.
Read More...
  €70 million ransomware gang busted in Ukraine
Law enforcement agencies may have had a significant victory in the battle against ransomware gangs, following the arrest of two men in Ukraine. Read more in ...
Read More...