ClearInfosec TIB Logo
Date:Nov 24, 2021
 
      Cyber Security News
  FBI warning: This zero-day VPN software flaw was exploited by APT hackers
A flaw in FatPipe WARP, MPVPN, and IPVPN software has been patched - so upgrade now.
Read More...
  Over a million WordPress sites breached
UPDATED: WordPress site owners hosted by GoDaddy have had their data exposed -- for months.
Read More...
  Iranians Charged in Cyberattacks Against US 2020 Election
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
Read More...
  Zero Trust: An Answer to the Ransomware Menace?
Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.
Read More...
  Ransomware Phishing Emails Sneak Through SEGs
The MICROP ransomware spreads via Google Drive and locally stored passwords.
Read More...
      Best Practices
  The Kaseya ransomware attack: A timeline
The attack on US-based software provider Kaseya by notorious Russia-linked ransomware group REvil in July 2021 is estimated to have affected up to 2,000 glob...
Read More...
  BrandPost: Clearing Up Confusion on Supply Chain Attacks
The SolarWinds breach that was uncovered at the end of 2020 left organizations around the globe wondering about the security of their own supply chains – and...
Read More...
  NIST workshop provides clues to upcoming software supply chain security guidelines
President Biden’s wide-ranging cybersecurity executive order (EO) issued in May aims to improve software security through a series of guidelines. As the EO d...
Read More...
  California Pizza Kitchen Suffers Data Breach
Personal data, including Social Security numbers, of more than 100K employees exposed.
Read More...
      New Threats and Vulnerabilities
  CVE-2021-40753
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially ...
Read More...
  CVE-2021-36372 (ozone)
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users w...
Read More...
  CVE-2021-36322
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exp...
Read More...
  CVE-2021-34400
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to informat...
Read More...
  CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the ...
Read More...
      Patch Management
  Schrems accuses Irish DPC of trying to block publication of Facebook documents
The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, as it offers advice for other organisations on...
Read More...
  Sky ECC provided free cryptophones to a Canadian police force
The Conti ransomware gang is outraged that the United States appears to have hacked into the REvil ransomware gang's infrastructure, and knocked it offline...
Read More...
  Facebooks Meta pushes back Messenger and Instagram encryption plans until 2023
Facebook's messaging encryption plans move back by a year.
Read More...
  Apple sues NSO Group over Pegasus spyware
Apple is seeking a permanent injunction that bans NSO Group from using any Apple software, services or devices.
Read More...