4 Innovative Ways Cyberattackers Hunt for Security Bugs
David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved “fixme” flags in developer support groups.
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
Mandiant Front Lines: How to Tackle Exchange Exploits
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
Gafgyt Botnet Lifts DDoS Tricks from Mirai
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
Attackers Target ProxyLogon Exploit to Install Cryptojacker
Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
Security Bug Allows Attackers to Brick Kubernetes Clusters
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
Ransomware Attack Creates Cheese Shortages in Netherlands
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
