NSA: 5 Security Bugs Under Active Nation-State Cyberattack
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
Vulnerabilities
Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks
Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer.
read more
Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices
A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.
read more
Mandiant Front Lines: How to Tackle Exchange Exploits
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
NSA Discloses Vulnerabilities in Microsoft Exchange
Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.
Russian Intelligence Actively Exploits Five Known Vulnerabilities, NSA Says
Yesterday, the Biden Administration announced a set of measures aimed to impose costs on Russian cyber attackers for election influence operations, for the SolarWinds compromise, and for other cyberespionage incidents. The NSA, CISA, and the FBI releas…
Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy
Google’s Project Zero cybersecurity research unit on Thursday announced that it’s making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw.
read more
…
Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack
Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations…
IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain
More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures.
read more