Ελληνικά
By Tara Seals Unauthenticated cyberattackers can also wreak havoc on networking device configurations. Cisco is warning three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its enterprise networking portfolio. The flaws impact Cisco’s wireless controllers, SD-WAN offering and configuration mechanisms in use for scads of products. The networking […]
Author Archives: CSIRT
By Tara Seals The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others. An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According […]
By Lisa Vaas Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Guardicore security researcher Amit Serper has discovered a severe design bug in Microsoft Exchange’s autodiscover (https://docs.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019) – a protocol that lets users easily configure applications such as Microsoft Outlook with just […]
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. “These attacks used the vulnerability, tracked as CVE-2021-40444 (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444), as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders,” […]
By Charlie Fripp Google’s Chrome is one of the most popular browsers globally, used by billions of people. So, when issues in the code are discovered, Google needs to act quickly. Not only to protect users but also the company’s security reputation. A case in point? Several vulnerabilities have been recorded in the latest version […]