Month: September 2021

  • Tips & Tricks for Unmasking Ghoulish API Behavior

    Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. Read more

  • Thousands of University Wi-Fi Networks Expose Log-In Credentials

    Multiple configuration flaws in a free Wi-Fi network used by numerous universities can allow access to usernames and passwords of students and faculty who connect to the system from Android and Windows devices, researchers have found. A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe,… Read more

  • Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

    Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. Read more

  • Keep Attackers Out of VPNs: Feds Offer Guidance

    The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. Read more

  • Apple AirTag Zero-Day Weaponizes Trackers

    Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. Read more

  • CISA and NSA Release Guidance on Selecting and Hardening VPNs

    Original release date: September 28, 2021. The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable… Read more

  • RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

    Original release date: September 28, 2021. Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review Hikvision’s Security Advisory HSRC-202109-01 and apply the latest firmware… Read more

  • Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

    The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. Read more

  • A Look Into “Password Hygiene” and How to Implement It

    According to a 2020 study conducted by Stanford University, almost 90% of cyber security breaches are caused by human error. Though there are a variety of factors that contribute to this statistic, one of the main offenses is poor password hygiene. “Password hygiene” is the practice of ensuring your passwords are unique, secure, and difficult to crack. You can do your part toward improving… Read more

  • 5 Steps to Securing Your Network Perimeter

    Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. Read more