ClearInfosec TIB
Date: Nov 03, 2021
 
      Cyber Security News
  Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials ...
  Squid Game Crypto Scammers Rips Off Investors for Millions
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out.
  Ransomware Gangs Target Corporate Financial Activities
The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.
  Android Patches Actively Exploited Zero-Day Kernel Bug
Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.
  Apple macOS Flaw Allows Kernel-Level Compromise
‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device...
      Best Practices
  What Exactly Is Secure Access Service Edge (SASE)?
Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.
  Finding the Right Approach to Cloud Security Posture Management (CSPM)
Cloud security is maturing — it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal's CTO, reviews one of the latest: CSPM.
  Top Hardware Weaknesses List Debuts
CWE list aimed at designers and programmers to avoid key hardware weaknesses early in product development.
      New Threats and Vulnerabilities
  CVE-2019-19810
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated atta...
  CVE-2021-1122
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of ser...
  CVE-2017-5123
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
  CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header ...
  CVE-2021-3440
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
  CVE-2021-30824 (mac_os_x macos)
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS B...
      Patch Management
  Businesses don't talk about being victims of cyberattacks. That needs to change
Organisations that fall victim to cyberattacks are rarely willing to discuss incidents, but more transparency is needed, says an ex-NSA chief.
  Yahoo pulls plug on services in China: Report
Yahoo has reportedly cited 'increasingly challenging' environment for its exit out of China.
  Google fixes two high-severity zero-day flaws in Chrome
This is the third set of zero-day patches for Chrome in three months.