North Korean hackers stole a record-breaking amount of cryptocurrency last year
North Korean hackers continued hammering crypto investment firms and exchanges in 2021.
Read More...
Zoom vulnerabilities impact clients MMR servers
Now-patched vulnerabilities in the videoconferencing software have been analyzed by Google researchers.
Read More...
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
...
Read More...
2FA Bypassed in $346M Cryptocom Heist: What We Can Learn
In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
Read More...
Red Cross Begs Attackers Not to Leak Stolen Data for 515K People
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migr...
Read More...
Linux Servers at Risk of RCE Due to Critical CWP Bugs
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
Read More...
Best Practices
Test Your Team Not Just Your Disaster Recovery Plan
Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.
Read More...
Cybersecurity Is Broken: How We Got Here & How to Start Fixing It
It's not just your imagination — malicious threats have exponentially increased organizational risk.
Read More...
Test Your Team Not Just Your Disaster Recovery Plan
Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.
Read More...
Kaspersky Announces Takedown Service
Service facilitates the removal of malicious and phishing domains.
Read More...
New Threats and Vulnerabilities
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayo...
Read More...
CVE-2021-31854
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. T...
Read More...
CVE-2021-39032
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...
Read More...
CVE-2021-45052
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of se...
Read More...
CVE-2021-36342
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI t...
Read More...
Patch Management
AirTag use in theft and stalking incidents prompts Apple to update its Personal Safety User Guide
Apple's diminutive trackers have increasingly shown up in news reports around stalking and thefts. The company's updated safety guide includes new information o...
Read More...
QNAP users still struggling with Deadbolt ransomware after forced firmware updates
Censys said about 4,000 devices are still infected with Deadbolt ransomware.
Read More...
Amazon fixes security flaw in AWS Glue service
Amazon Web Services fixes a flaw that could give an attacker access to data of other users on its Glue managed data integration service.
Read More...
Bugcrowd reports increase in critical vulnerabilities found in 2021
Bugcrowd saw a 185% increase in the last 12 months for critical vulnerability submissions with financial services companies.
Read More...
.png)
.png)
