DefendEdge Logo
Categories
alerts

Critical Linux Kernel Bug Allows Remote Takeover

The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
Categories
alerts

BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

Original release date: November 4, 2021

On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution.

CISA encourages manufacturers, vendors, and developers to review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager and update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor.
Categories
alerts

Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign

The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.
Categories
alerts

Predicting the Next OWASP API Security Top 10

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
Categories
alerts

FBI Releases PIN on Attacks Using Significant Financial Events for Extortion

Original release date: November 3, 2021

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) on ransomware actors using significant financial events, such as mergers and acquisitions, to target and leverage victim companies.

CISA encourages users and administrators to review Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

CISA Issues BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities

Original release date: November 3, 2021

CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to addresses vulnerabilities that establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. To support this Directive, CISA has established a catalog of relevant vulnerabilities. This catalog will be updated regularly, and organizations can sign up for notifications when new vulnerabilities are added.  

CISA strongly recommends that private businesses, industry, and state, local, tribal and territorial (SLTT) governments prioritize mitigation of vulnerabilities in CISA’s Directive and sign up for updates to the catalog.  

CISA urges organizations to review BOD 22-01 and the Fact Sheet for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

Android Patches Actively Exploited Zero-Day Kernel Bug

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.
Categories
alerts

Apple macOS Flaw Allows Kernel-Level Compromise

‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.
Categories
alerts

Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion

An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems.

For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com