Category: alerts
-
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Original release date: December 1, 2021. CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the…
-
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks
The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.
-
IKEA Hit by Email Reply-Chain Cyberattack
IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.
-
Unpatched Windows Zero-Day Allows Privileged File Access
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
-
Vulnerability Summary for the Week of November 22, 2021
Original release date: November 29, 2021. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). 4mosan — gcb_doctor: 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt…
-
CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations
Original release date: November 24, 2021. CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. The CEG: Mobile Device Cybersecurity Checklist for Consumers provides steps for consumers, including using strong authentication and enabling automatic operating system updates. The CEG: Mobile Device Cybersecurity Checklist for Organizations provides steps…
-
Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker
Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company’s woes.
-
Attackers Actively Target Windows Installer Zero-Day
Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
-
Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.
-
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.