3rd Party Risk Management , Application Security , Critical Infrastructure Security Flaw in Serv-U File-Transfer Software Unconnected to Orion Supply Chain Attack Akshaya Asokan (asokan_akshaya) • July 13, 2021 Attackers have been exploiting a newly discovered zero-day flaw in SolarWinds software, the security vendor has warned. See Also: Live Panel | Zero Trusts…
A Critical Serv-U Vulnerability Exploited in the Wild, Fixed by SolarWinds | IT Security News Android App Android App with push notifications Sponsors Endpoint Cybersecurity www.endpoint-cybersecurity.com – Consulting in building your security products– Employee awareness training– Security tests for applications and pentesting… and more. Daily Summary Categories CategoriesSelect Category(ISC)2 Blog (323)(ISC)2 Blog infosec (13)(ISC)² Blog (386)2020-12-08 – Files…
Executive Summary This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this. Informations Name CVE-2021-29106 First vendor Publication 2021-07-10 Vendor Cve Last vendor Modification 2021-07-12 Security-Database Scoring CVSS v3 Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Overall CVSS Score 6.1 Base Score 6.1 Environmental Score 6.1 impact SubScore 2.7…
SolarWinds software firm says that unknown hackers exploited a previously unknown flaw in two of its programmes to go after “a limited, targeted set of customers.” The statement, issued over the weekend, did not identify the hackers involved. In a question-and-answer page appended to the statement, SolarWinds said the flaw was “completely unrelated” to last…
SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild. The vulnerability, discovered by Microsoft’s Threat Intelligence Center (MSTIC) and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is…
Suspected Chinese hackers are targeting online gambling companies in China with a new remote access trojan (RAT) that abuses Open Broadcaster Software (OBS) Studio live streaming software to record victims’ screens. Dubbed ‘BIOPASS RAT’ by researchers at Trend Micro who discovered this new threat, the malware spreads via a watering hole attack, in which unsuspecting…
Given the ongoing wave of Russian-based ransomware attacks, American President Joe Biden has asked Russian President Vladimir Putin during a phone call to act on the attacks against American organizations and infrastructure. Biden added that the U.S. will take “any necessary action” to protect itself against future attacks. The U.S. President highlighted that the Russian government…
Kaseya released a patch for the vulnerabilities that were used by REvil in what seems to be one of the largest ransomware attacks, in which the ransomware gang, also known as Sodinokibi, targeted MSPs with thousands of customers. Back in April, the Dutch Institute for Vulnerability Disclosure (DIVD) had disclosed seven vulnerabilities to Kaseya with most of them…
Business Email Compromise (BEC) , Cybercrime , Fraud Management & Cybercrime Oil and Gas Industry Yet Again a Victim of Agent Tesla Malware Rashmi Ramesh • July 10, 2021 A campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyber espionage purposes has been targeting large international energy companies for at least…
_________________________ Australians have lost $139 million to scammers in the first half of 2021, according to the Australian Competition and Consumer Commission. More than $31 million was swindled in June alone, the highest amount per month so far this year. Investment scams account for the majority of cash lost, at $70.5 million, followed by…
