Month: October 2021

  • NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques

    DEFENDEDGE

    Original release date: October 8, 2021 The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA).… Read more

  • Future Trends within Cloud Security

    DEFENDEDGE

    What’s happening   95% of companies have a presence within the cloud. Many organizations don’t realize they are active within the “cloud,” even though they have a massive amount of data within programs such as Microsoft office 365.   Since the pandemic, many businesses shifted over to cloud-based apps and systems for the first time. In order to reduce… Read more

  • Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation

    DEFENDEDGE

    Original release date: October 7, 2021 On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild.  CISA is also seeing ongoing scanning of vulnerable systems,… Read more

  • Canopy Parental Control App Wide Open to Unpatched XSS Bugs

    DEFENDEDGE

    The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. Read more

  • CISA Releases Security Advisory for Honeywell Experion and ACE Controllers

    DEFENDEDGE

    Original release date: October 5, 2021 CISA has released an Industrial Controls Systems (ICS) advisory detailing multiple vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to… Read more

  • IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

    DEFENDEDGE

    Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses. Read more

  • How to Build an Incident-Response Plan, Before Security Disaster Strikes

    DEFENDEDGE

    Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack. Read more

  • Apache Web Server Zero-Day Exposes Sensitive Data

    DEFENDEDGE

    The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating. Read more

  • Be Cyber Smart During Cybersecurity Awareness Month

    DEFENDEDGE

    Original release date: October 5, 2021 CISA and the National Cybersecurity Alliance (NCSA) remind users to continue to “Do Your Part. #BeCyberSmart.” during October—2021’s Cybersecurity Awareness Month!   In 2021, CISA and NCSA will focus on different outreach themes each week to include:   Be Cyber Smart Phight the Phish! Explore. Experience. Share. – Cybersecurity… Read more

  • Vulnerability Summary for the Week of September 27, 2021

    DEFENDEDGE

    Original release date: October 4, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — digital_editions Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse… Read more