Breach Notification , Critical Infrastructure Security , Cybercrime Classes Canceled as the University’s IT Staff Repairs Damage Dan Gunderman (dangun127) • September 7, 2021 Howard University detected the cyberattack late last week. (Photo: Derek E. Morton via Wiki/CC) Stay tuned for updates on this developing story. See Also: Top 50 Security Threats …
Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. The flaw is in MSHTML, the browser rendering engine that is also used by Microsoft Office documents. Ongoing attacks against Office 365 Identified as CVE-2021-40444, the security issue…
Five security vulnerabilities in commonly used infusion pump products from B. Braun Medical Inc. could collectively allow malicious actors to dangerously modify the dose of medicines delivered to patients, says Douglas McKee, a security researcher on a team at security vendor McAfee Enterprise, which recently discovered the flaws. The vulnerabilities exist in both the B….
Breach Notification , Endpoint Security , Governance & Risk Management Details on 2 of the 3 Vulnerabilities Released Mihir Bagwe • September 7, 2021 Gynvael Coldwind, a security researcher on Google’s security team, has identified three critical vulnerabilities affecting several Netgear smart switch products that, if exploited, give the attacker complete control over…
Cybersecurity White House hits the gas on zero trust By Chris Riotta Sep 07, 2021 The push to convert federal networks, systems and devices to a zero trust security architecture is accelerating, with the release of three new draft guidance documents as part of the White House administration’s push to improve the…
Cybercrime , Cybercrime as-a-service , Cyberwarfare / Nation-State Attacks Russian Gang Member Was Stranded After COVID-19 Restriction Prajeet Nair (@prajeetspeaks) • September 7, 2021 A Russian citizen, alleged to be working as a developer for the malware-spreading organization Trickbot, reportedly has been arrested at Seoul-Incheon International Airport. He was questioned by Korean authorities…
Germany has blamed Russia for a cyber attack on politicians just weeks before its general election. Berlin said it had “reliable information” that Russia’s GRU military intelligence service was behind the attack. The German Foreign Ministry said hackers had tried to steal email passwords from lawmakers in what may have been an attempt at election…
Critical Infrastructure Security , Cybercrime , Cybercrime as-a-service Conti Ransomware Attackers’ Infrastructure Targeted After Health Service Disruption Mihir Bagwe • September 6, 2021 GNCCB has deployed this splash screen on seized domains (Source: Garda.ie) Ireland’s cybercrime police, the Garda National Cyber Crime Bureau, have conducted a “significant disruption operation” targeting the IT infrastructure…
Last week, multinational computer networking company Netgear released security patches to tackle three high-severity flaws impacting over 20 of its products, mostly smart switches. The flaws were found and reported to the company by security engineer Gynvael Coldwind and are tracked by the vendor as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145. The three vulnerabilities received a CVSS score…
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The “successful attack,” which is believed to have occurred last week, was mounted against its Confluence…
