RDP abused for DDoS attacks

https://ift.tt/3r1xzm5 We have talked about RDP many times before. It has been a popular target for brute force attacks for a long time, but attackers have now found a new way to abuse it. Remote access has become more important during the pandemic, with as many people as possible try […]

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

https://ift.tt/2MoHL9s Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), […]

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

https://ift.tt/3hd7bCp We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, […]

Theft of Cybersecurity Tools | FireEye Breach

https://ift.tt/2W0S6ty On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the security posture of their customers. According to FireEye, the hackers now have an influential collection of new techniques to draw upon. It is unclear today if the attackers intend to use the tools themselves or if […]

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

https://ift.tt/3gqHlu9 Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vulnerabilities may allow attackers to remotely compromise devices, execute malicious code, perform […]

Infrastructure as Code assessment with Terraform

https://ift.tt/2I2TqbT Security is of utmost importance for any piece of code or infrastructure. The traditional security approach was based on a ticketing system to provision a piece of infrastructure. This method worked well in smaller settings where companies managed small infrastructures with minimum turnover. This was true in the […]

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

https://ift.tt/2VfLCqj Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of the users […]