A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.

https://threatpost.com/bug-iot-millions-devices-attackers-eavesdrop/168729/

The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch this week.

https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.

https://threatpost.com/kerberos-authentication-spoofing/168767/

The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices.

https://threatpost.com/blackberrys-qnx-devices-attacks/168772/

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data.

https://threatpost.com/critical-sage-x3-rce-bug-allows-full-system-takeovers/167612/

Threat actors enlist compromised WordPress websites in campaign targeting macOS users.

https://threatpost.com/macos-wildpressure-apt/167606/

David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.

https://threatpost.com/breaking-into-security-appliances/167584/

The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.

https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.

https://threatpost.com/rce-0-day-western-digital-users/167547/

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.

https://threatpost.com/kaseya-patches-zero-day-exploits/167548/

Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.

https://threatpost.com/kaseya-attack-fallout/167541/

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.

https://threatpost.com/healthcare-prey-ransomware-cyberattacks/167525/

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.

https://threatpost.com/kubernetes-brute-force-attacks-russia-apt28/167518/

CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.

https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials.

https://threatpost.com/netgear-authentication-bypass-router-takeover/167469/

The self-propagating malware’s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.

https://threatpost.com/indexsinas-smb-worm-enterprises/167455/

The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks.

https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.

https://threatpost.com/zero-day-wipe-my-book-live/167422/

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.

https://threatpost.com/mttr-bad-secops/167440/

The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.

https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/