Three waves of DNS hijacking attacks against consumer routers have been linked back to Google Cloud Platform abuse.
No. 4 global phone maker, Xiaomi, preinstalled a security app called ‘Guard Provider’ that had a major flaw.
Original release date: April 04, 2019 The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Nvidia has patched eight high-severity flaws in its Tegra processors, which could enable denial of service and code execution.
Have your business try Cynet’s Free Threat Assessment that checks for malware, C&C connections, data exfiltration, phishing link access, user credential thefts attempts, etc.
Google’s April Android Security update fixed 12 Android-specific vulnerabilities including three critical remote code execution flaws.
White hat hacker reverse engineers financial apps and finds a treasure trove of security issues.
Original release date: April 01, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »
Original release date: April 01, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware can be devastating to an individual or an organization. The Cybersecurity and Infrastructure Security Agency (CISA) discourages individuals and organizations from paying the ransom, as this does not guarantee access will be restored. CISA encourages users …
Read More »
Original release date: April 01, 2019 April is Supply Chain Integrity Month. The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious …
Read More »