CVE-2021-37708
CVE-2021-37708
Similar Posts
US Blacklists 6 Russian Organizations Over Security Concerns
Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime Commerce Department Says Organizations Are Aligned With Russian Intelligence Dan Gunderman (dangun127) • July 17, 2021 U.S. Department of Commerce (Source: Brandon Mowinkel/Unsplash) The Department of Commerce is restricting trade with four Russian information technology and cybersecurity firms, along with…
Builder for Babuk Locker ransomware leaked online
The builder for the Babuk Locker ransomware was leaked online this week, allowing easy access to an advanced ransomware strain to any would-be criminal group looking to get into the ransomware scene with little to no development effort. According to a copy of the leak, obtained and tested by The Record, the Babuk Locker “builder” can…
8,000+ Confluence Servers Still Vulnerable to Atlassian Flaw
3rd Party Risk Management , Application Security , Breach Notification Server Taken Offline Following Exploitation of Vulnerability Mihir Bagwe • September 8, 2021 Last weekend’s confirmed attack on the Jenkins project – an open-source automation server used in software development – using a recently discovered vulnerability in the Atlassian Confluence service, could be…
GitHub Infrastructure Used to Mine Cryptocurrency
Software developers have reported a series of malicious activities on their repositories, having the end purpose of mining cryptocurrency. The attacks have been happening since November 2020, the first report being made by a French software engineer. Source It looks like the threat actors are abusing the GitHub Actions feature that was implemented with the purpose of allowing…
WeLeakInfo Leaked Customer Payment Info
A lapsed domain registration tied to WeLeakInfo, a wildly popular service that sold access to more than 12 billion usernames and passwords from thousands of hacked websites, “let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card,” reports Krebs on Security. This comes after the…
ISMG Editors’ Panel: Fraud Trends
Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management Discussion Also Tackles Applying ‘Zero Trust’ to OT Environment Anna Delaney (annamadeline) • August 20, 2021 Clockwise, from top left: Suparna Goswami, Anna Delaney, Tony Morbin and Tom Field In the latest…