Hostrisk

What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

What’s Making Your Company a Ransomware Sitting Duck

What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

favicon

(threatpost.com)

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

Cisco Smart Switches Riddled with Severe Security Holes

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

favicon

(threatpost.com)

Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.

Takeaways from the Colonial Pipeline Ransomware Attack

Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.

favicon

(threatpost.com)

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.

Peloton Bike+ Bug Gives Hackers Complete Control

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.

favicon

(threatpost.com)

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

IKEA Fined $1.2M for Elaborate ‘Spying System’

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

favicon

(threatpost.com)

Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.

Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.

favicon

(threatpost.com)

Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.

Volkswagen Vendor Exposed Data of 3.3m Drivers

Nearly all of the data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.

favicon

(threatpost.com)

Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots

Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

favicon

(threatpost.com)

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts – with no patches in sight.

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight.

favicon

(threatpost.com)

Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

SonicWall 'Botches' October Patch for VPN Bug

Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

favicon

(threatpost.com)

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.

Cryptominers Slither into Python Projects in Supply-Chain Campaign

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.

favicon

(threatpost.com)

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

Email Bug Allows Message Snooping, Credential Theft

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

favicon

(threatpost.com)

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

favicon

(threatpost.com)

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

Atlassian Bugs Could Have Led to 1-Click Takeover

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

favicon

(threatpost.com)

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

favicon

(threatpost.com)

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

Critical VMware Carbon Black Bug Allows Authentication Bypass

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

favicon

(threatpost.com)

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

Cisco ASA Bug Now Actively Exploited as PoC Drops

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

favicon

(threatpost.com)

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit.

My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage offline ASAP: There's an exploit.

favicon

(threatpost.com)

A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

NVIDIA Patches High-Severity GeForce Spoof-Attack Bug

A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

favicon

(threatpost.com)

Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released.

Details of RCE Bug in Adobe Experience Manager Revealed

Disclosure of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – were released.

favicon

(threatpost.com)