Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.

https://threatpost.com/kaseya-attack-fallout/167541/

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.

https://threatpost.com/healthcare-prey-ransomware-cyberattacks/167525/

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.

https://threatpost.com/kubernetes-brute-force-attacks-russia-apt28/167518/

CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.

https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials.

https://threatpost.com/netgear-authentication-bypass-router-takeover/167469/

The self-propagating malware’s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.

https://threatpost.com/indexsinas-smb-worm-enterprises/167455/

The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks.

https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.

https://threatpost.com/zero-day-wipe-my-book-live/167422/

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.

https://threatpost.com/mttr-bad-secops/167440/

The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.

https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/

Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released.

https://threatpost.com/rce-bug-in-adobe-revealed/167382/

A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit.

https://threatpost.com/my-book-live-wiped-rce-attacks/167270/

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

https://threatpost.com/cisco-asa-bug-exploited-poc/167274/

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

https://threatpost.com/dell-bios-attacks-rce/167195/

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

https://threatpost.com/atlassian-bugs-could-have-led-to-1-click-takeover/167203/

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

https://threatpost.com/critical-palo-alto-bug-remote-war-room/167169/

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

https://threatpost.com/email-bug-message-snooping-credential-theft/167125/

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.

https://threatpost.com/cryptominers-python-supply-chain/167135/