Category: alerts
Category Added in a WPeMatico Campaign
-
Apple Releases Security Updates, iOS 14.8 and iPadOS 14.8
Original release date: September 13, 2021 Apple has released security updates to address vulnerabilities—CVE-2021-30860, CVE-2021-30858—in iOS and iPadOS. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the… Read more
-
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
The security vulnerability can be exploited with a malicious CSV file. Read more
-
Vulnerability Summary for the Week of September 6, 2021
Original release date: September 13, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adaptivescale — lxdui A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. 2021-09-03 10 CVE-2021-40494 MISC arubanetworks — arubaos A remote… Read more
-
CISA’s Annual National Cybersecurity Summit
Original release date: September 13, 2021 CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation: Oct. 6 – Assembly Required: The Pieces of the Vulnerability Management… Read more
-
Yandex Pummeled by Potent Meris DDoS Botnet
Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex. Read more
-
Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. Read more
-
Thousands of Fortinet VPN Account Credentials Leaked
They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. Read more
-
‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. Read more
-
SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. Read more
-
Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix
An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. Read more