CVE-2020-23533 – Alert Detail – Security Database

Executive Summary Information. Name: CVE-2020-23533. First vendor publication: 2021-04-06. Vendor: Cve. Last vendor modification: 2021-04-06. Security-Database Scoring CVSS v3: Cvss vector: N/A; Overall CVSS Score: NA; Base Score: NA; Environmental Score: NA; Impact SubScore: NA; Temporal Score: NA; Exploitability Sub Score: NA. Security-Database Scoring CVSS v2: Cvss…

Ongoing attacks are targeting unsecured mission-critical SAP apps

Threat actors are targeting mission-critical SAP applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks. Over 400,000 orgs worldwide and 92% of Forbes Global 2000 use SAP’s enterprise apps for supply chain management (SCM), enterprise resource planning (ERP), product lifecycle management (PLM), and customer relationship management (CRM). SAP…

GitHub Infrastructure Used to Mine Cryptocurrency

Software developers have reported a series of malicious activities on their repositories, having the end purpose of mining cryptocurrency. The attacks have been happening since November 2020, the first report being made by a French software engineer. It looks like the threat actors are abusing the GitHub Actions feature that was implemented with the purpose of allowing…

Facebook data of more than 500 million accounts found online

Details from more than 500 million Facebook users have been found available on a website for hackers. The information appears to be several years old, but it is another example of the vast amount of information collected by Facebook and other social media sites, and the limits to how secure that information is. The availability…

EMEA OnDemand | Mitigating Remote: Maintaining Visibility and Maximizing Efficiency

Webinar | Securing Remote Workers: Using SASE to Maintain Visibility and Maximize Efficiency. Information Security Media Group • April 6, 2021. As remote work continues, organizations across EMEA – and beyond – must ensure that their employees can…

FBI, CISA Release Joint Cyber Advisory Warning of Fortinet Vulnerability – MeriTalk

The FBI and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) are warning about advanced persistent threat (APT) actors exploiting a Fortinet vulnerability to gain access to government and other networks, according to an April 2 joint advisory. The joint advisory warns that APT actors are trying to utilize common vulnerabilities…

Job-Matching Service Data Compromised by a Security Breach

The personal details belonging to 30,000 individuals based in Singapore may have been illegally accessed after a security breach targeted a third-party vendor of a job-matching organization called Employment and Employability Institute. The leaked data included names, identification numbers, contact information, educational qualifications, and employment history. The purpose of e2i is to bring together and connect…

US charges California man over Shopify data breach – TechCrunch

A grand jury has indicted a California resident accused of stealing Shopify customer data on over a hundred merchants, TechCrunch has learned. The indictment charges Tassilo Heinrich with aggravated identity theft and conspiracy to commit wire fraud by allegedly working with two Shopify customer support agents to steal merchant and customer data from Shopify customers…

CISA: Patch These Three Fortinet Bugs Now to Avoid Compromise

The US authorities are urging Fortinet customers to patch three legacy vulnerabilities being exploited in the wild to compromise government, commercial and technology service provider networks. A joint cybersecurity advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Friday warned that threat actors are actively scanning for devices via ports 4443, 8443 and…

Ransomware Cleanup Costs Scottish Agency $1.1 Million

Conti Ransomware Gang Hit Scottish Environment Protection Agency on Christmas Eve. Mathew J. Schwartz (euroinfosec) • April 6, 2021. Pressure tactics: After SEPA refused to pay the Conti ransomware operation’s ransom, the gang leaked stolen data on its dedicated data leak site….