Author: ContentCreator
-
Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products
Original release date: February 2, 2021 CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on… Read more
-
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. Read more
-
Vulnerability Summary for the Week of January 25, 2021
Original release date: February 1, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info async-git_project — async-git The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. 2021-01-26 7.5 CVE-2021-3190 MISC MISC MISC CONFIRM caret — caret A… Read more
-
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications. Read more
-
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices. Read more
-
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites. Read more
-
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more. Read more
-
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits. Read more
-
LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
A phishing kit has been found running on at least 700 domains – and mimicking services via false SharePoint, OneDrive and Office 365 login portals. Read more
-
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. Read more