CVE-2021-22349

3rd Party Risk Management , Governance & Risk Management , Incident & Breach Response Avast: This Supply Chain Attack Used Cobalt Strike Prajeet Nair (@prajeetspeaks) • July 6, 2021     This bitmap image file was used for a steganography attack on MonPass. (Source: Avast) Researchers at Avast discovered a compromised server belonging to MonPass,…

Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is offered as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform. Last week,…

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.

A North Korean government-backed APT group has been caught using a fake pen-testing company and a range of sock puppet social media accounts in an escalation of a hacking campaign targeting security research professionals. The notorious hacking group, first exposed by Google earlier this year, returned on March 17th with a website for a fake…

Russia on Friday announced it would expel 10 US diplomats and take other retaliatory moves in response to sanctions imposed on Russia by US President Joe Biden a day earlier, The Associated Press reports. Russian Foreign Minister Sergey Lavrov also said Moscow will add eight US officials to its sanctions list and move to restrict…

Application Security , Critical Infrastructure Security , Cybercrime Security Agency Will Use Bugcrowd, EnDyna for Platform Scott Ferguson (Ferguson_Writes) • June 8, 2021     The U.S. Cybersecurity and Infrastructure Security Agency is preparing to expand its vulnerability research and disclosure program, which is now mandatory for nearly all executive branch agencies within the federal…