Foreign Spies Target British Nationals With Fake Social Media Profiles
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2020-7856PUBLISHED: 2021-04-20A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793PUBLISHED: 2021-04-20vscode-restructuredtext before...
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
Bug-bounty programs have accelerated in the past few years. Many organizations...
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.Weak passwords used over the Windows Server Message Block (SMB) protocol are...
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT...
High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.A high-level manager of cybercrime group FIN7, also known as the Carbanak...
Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.For security teams, there...
Pandemic Pushes Bot Operators to Redirect Efforts
As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.Shifts in consumer activity due to...
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.The Biden administration Thursday officially blamed Russia's Foreign Intelligence Service,...
FBI Operation Remotely Removes Web Shells From Exchange Servers
A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.A court order has authorized an FBI operation to remove...
6 Tips for Managing Operational Risk in a Downturn
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.Many organizations have gone through...
