Because companies either do not teach their staff enough or have inadequate email security measures in place, many firms, ranging from start-ups to multinational enterprises, are susceptible to phishing and other email-based frauds. These frauds may take many different forms. By strengthening the security of your email and providing your employees with training, you may avoid […]
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as […]
The following techniques have been made public by a researcher who wishes to remain anonymous. They can be used to bypass certain of Cisco’s Secure Email Gateway appliance’s filters and spread malware using carefully written emails. The researcher acknowledged communicating with the vendor, but said they were unable to get a suitable answer in a timely […]
Two vulnerabilities in Cisco’s product line, including high-severity flaws in the Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management products, have been patched, according to Cisco. A SQL Injection vulnerability known as CVE-2022-20867 (CVSS score: 4.7) affects Cisco ESA and Cisco Secure Email and Web […]
Cisco issued a warning of active exploitation attempts targeting two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. The security flaws are tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), which allows the attacker to copy malicious files to arbitrary locations with system-level privileges. Both the vulnerabilities are dated […]
Two security flaws in the Cisco AnyConnect Secure Mobility Client for Windows are being used in the wild, Cisco informed customers today. This alert supports the Cybersecurity and Infrastructure Security Agency’s (CISA) Monday statement that both security flaws have been added to its list of “Known Exploited Vulnerabilities.” CVE-2020-3433 An authorized, local intruder could be […]
New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. “The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation,” Finnish cybersecurity company WithSecure said in a report published […]
The allegations against Morgan Stanley Smith Barney LLC (MSSB) were made public by the Securities and Exchange Commission today. These allegations come from the company’s many breaches over a five-year period to secure the personal identifying information, or PII, of around 15 million clients. MSSB has agreed to address the SEC’s allegations by paying a […]
A new stealthy Linux malware known as Shikitega that infects computers and IoT devices via a series of payloads. The malware makes use of privilege elevation, adds persistence on the host via crontab, and finally launches a crypto-miner on infected devices. Shikitega is quite stealthy, managing to evade antivirus detection by using a polymorphic encoder […]
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. “These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load […]
Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine “whether a vulnerability in a dependency might affect […]
There were 2690 reports of ransomware attacks in 2021, which was a 97.1% increase on 2020 levels. Ransomware is malicious software that infects a personal or organizational computer and then holds information for ransom until the affected party pays some money. Ransomware cost businesses and individuals $18 billion in 2020, with the average sum paid […]
The developers of the popular UpdraftPlus plugin announced a series of updates to address a vulnerability that would allow any user who has logged into a WordPress website with this plugin to download the backups available on the systems, which could potentially lead to the leakage of sensitive information. Wordfence researchers published a proof of […]
Cybersecurity specialists report that hacking groups are actively exploiting CVE-2021-20038, a severe vulnerability in SonicWall Secure Mobile Access (SMA) gateways, fixed in late 2021. The flaw was described as an unauthenticated stack-based buffer overflow residing in the SMA 100 Series devices (including SMA 200, 210, 400, 410 and 500v). Threat actors can exploit the flaw […]
During a routine security scan, Rapid7 specialists detected five vulnerabilities in SonicWall Secure Mobile Access (SMA) Series 100 devices, including SMA 200, 210, 400, 410 and 500v iterations. According to the report, the exploitation of the most severe of these flaws could lead to a remote code execution condition on the affected devices. The flaws […]
Some organizations and developers use third-party resources rather than writing software from scratch. Engineers may speed up development and save manufacturing costs by adopting pre-built libraries and open source components, allowing them to bring products to market faster. As a result, businesses need to account for software occurring outside of their walls and networks in […]
In its latest report, the Scottish Prison service revealed that a total of 1889 cell phones were confiscated due to misuse within local jails. These devices were delivered to thousands of prisoners in early 2020 as part of the coronavirus isolation measures, since the prisons could not receive visitors and contact with the outside was […]
Kubernetes is a great platform for container management that has shown a breakthrough lately, both in terms of functionality and in terms of security and resiliency. Specialists claim that Kubernetes’ architecture makes it easy to survive different types of outages and stay active despite everything, making it a great option for pentesting. On this occasion, […]
Having an internet connection is very crucial whether you are using your desktop, phone, or smart TV. But if you are planning on availing of internet connectivity at a fixed address, then a broadband connection can serve as your best bet. You opt for a dial-up landline connection or the more advanced fiber optic cables […]
Having secure remote access for employees and following best practices is essential to keep your data secure. In the past few months, companies in all industries have worked intensively with the Remote Desktop Protocol (RDP) to maintain their business while maintaining physical distancing. Since remote desktop access allows a corporate device to be accessed from […]
What are some of the key dangers faced by children online and how can you help protect them from the ghosts, ghouls and goblins creeping on the internet?