Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)

https://ift.tt/3a65Qex Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability disclosed by Tenable’s Zero Day Research team. Microsoft patched 56 CVEs in the February 2021 […]

Patch Tuesday – February 2021

https://ift.tt/3q88d5Z The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family (Family: Vulnerability Count): Windows: 28; ESU: 14; Microsoft Office: 11 […]

RDP abused for DDoS attacks

https://ift.tt/3r1xzm5 We have talked about RDP many times before. It has been a popular target for brute force attacks for a long time, but attackers have now found a new way to abuse it. Remote access has become more important during the pandemic, with as many people as possible try […]

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

https://ift.tt/2MoHL9s Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), […]

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

https://ift.tt/3hd7bCp We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, […]

Theft of Cybersecurity Tools | FireEye Breach

https://ift.tt/2W0S6ty On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the security posture of their customers. According to FireEye, the hackers now have an influential collection of new techniques to draw upon. It is unclear today if the attackers intend to use the tools themselves or if […]

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

https://ift.tt/3gqHlu9 Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vulnerabilities may allow attackers to remotely compromise devices, execute malicious code, perform […]