Month: July 2021

Agency warns attackers targeting teleworkers to steal corporate data. Read more

Original release date: July 30, 2021 CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can… Read more

Original release date: July 30, 2021 The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on malicious techniques used by cyber actors… Read more

There are patches or remediations for all of them, but they’re still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do? Read more

Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON. Read more

Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam. Read more

Original release date: July 28, 2021 CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by malicious actors in 2020 and those being widely… Read more

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).  This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities… Read more

Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. Read more

Original release date: July 27, 2021 CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in multiple Geutebruck G-CAM E2 series devices and Encoder G-Code versions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS Advisory… Read more