Month: March 2021

  • Vulnerability Summary for the Week of March 22, 2021

    Original release date: March 29, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. 2021-03-22 7.5 CVE-2021-26295 MLIST CONFIRM MLIST MLIST MLIST apache —… Read more

  • Employee Lockdown Stress May Spark Cybersecurity Risk

    Younger employees and caregivers report more stress than other groups, and more shadow IT usage. Read more

  • Network Security Infrastructure

    “Cybercrime is the greatest threat to every company in the world,” said Ginni Rometty, IBM’s executive chairman and previous CEO. So why do so many companies wait until they have been breached to implement any sort of security infrastructure? The answer is money. If you do not pay now you… Read more

  • Vulnerability Summary for the Week of March 15, 2021

    Original release date: March 22, 2021 | Last revised: March 24, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — creative_cloud_desktop_application Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call… Read more

  • Cyberwarfare: The Technology Attack

    What is Cyberwarfare? There is still widespread debate around the true definition of “cyberwarfare.” Some experts define it as an “extension of policy by actions taken in cyberspace by state actors that constitute a serious threat to another state’s security.” Others in the field believe that cyberwarfare is the “use of… Read more

  • AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical… Read more

  • Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

    A glitch in Zoom’s screen-sharing feature shows parts of presenters’ screens that they did not intend to share – potentially leaking emails or passwords. Read more

  • Tutor LMS for WordPress Open to Info-Stealing Security Holes

    The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities. Read more

  • Cisco Plugs Security Hole in Small Business Routers

    The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers. Read more

  • Do you have OPSEC?

    When organizations are finding ways to harden their networks and meet cybersecurity compliance standards, Operations Security or “OPSEC” is not a concern that always comes to mind. But this oversight can have disastrous consequences and spell financial ruin for your company. Organizations should consider OPSEC as their first layer of security. Our U.S.… Read more