Our news
-
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
-
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
HPE joins Apple in warning customers of a high-severity Sudo vulnerability.
-
The Internet of Things
IoT devices have become more prevalent in our everyday lives and have even trickled into businesses. From thermostats to monitors for manufacturing equipment, almost every device that we use today has some form of ‘smart’ option for it. While this may seem like a great and easy way to slide into the technological future, the…
-
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims’ personal information, sensitive company data and more.
-
Vulnerability Summary for the Week of August 23, 2021
Original release date: August 30, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — bridge Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the…
-
CISA Adds Single-Factor Authentication to list of Bad Practices
Original release date: August 30, 2021 Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system.…
-
Microsoft Azure Cosmos DB Guidance
Original release date: August 27, 2021 CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft’s guidance…
-
Winning the Cyber-Defense Race: Understand the Finish Line
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It’s not achieving visibility.
-
Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions.
-
Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover
It’s unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable.