Name That Toon: Greetings, Earthlings
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22540
PUBLISHED: 2021-04-22
Bad validation logic in the Dart SDK versions prior to 2.12.3 allows an attacker to use an XSS attack via DOM clobbering. The...
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter. Vulnerability reports come at open source project maintainers from all directions with varying...
Zero-Day Flaws in SonicWall Email Security Tool Under Attack
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network. SonicWall has deployed patches for three zero-day vulnerabilities in its...
Justice Dept. Creates Task Force to Stop Ransomware Spread
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say. The Justice Department is forming a task force of FBI agents, prosecutors, and...
Rapid7 Acquires Velociraptor Open Source Project
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities. Security firm Rapid7 today confirmed its acquisition of Velociraptor, an open source technology...
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks. Nation-state attackers are exploiting high-severity vulnerabilities in the Pulse Secure VPN to...
Attackers Heavily Targeting VPN Vulnerabilities
Threat actors like attacking the technology because it provides a convenient entry point to enterprise networks. Attacks on virtual private networks, like those this week targeting a trio of known...
Business Email Compromise Costs Businesses More Than Ransomware
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report. It's readily apparent that ransomware — and its...
Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems. The US Department of Energy today announced a...
Attackers Compromised Code-Checking Vendor’s Tool for Two Months
A script used to upload sensitive reports, with access to credentials and datastores, likely sent information on hundreds, possibly thousands, of companies to attackers. In a software supply-chain attack reminiscent of the...






