September 2, 2021

SolarWinds did not enable an anti-exploit mitigation available since 2006, allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable the ASLR anti-exploit mitigation that has been available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […]

The post Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation appeared first on Security Affairs.


The now-fixed CVE-2020-1910 vulnerability in WhatsApp’s image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatsApp’s image filter feature, tracked as CVE-2020-1910, could have been exploited by attackers to read sensitive information from the app’s memory by simply sending a specially crafted image over the messaging app […]

The post WhatsApp CVE-2020-1910 bug could have led to user data exposure appeared first on Security Affairs.


Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October …

Read More Podcast: Windows 11 overview: Hardware requirements, security updates and upgrade confusion

Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS […]

The post New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices appeared first on Security Affairs.


Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.

Read More Gift Card Gang Extracts Cash From 100k Inboxes Daily

Threat actors are actively exploiting a recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product. Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise […]

The post Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE appeared first on Security Affairs.


Wordfence researchers have recently discovered that more than 1 million WordPress websites were affected by Gutenberg Template Library & Redux Framework vulnerabilities. As explained in a blog post, one vulnerability (CVE-2021-38312) enabled users …

Read More Gutenberg Template Library & Redux Framework Vulnerabilities Affect Over 1 Million WordPress Websites

Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 161 pages of excellent content. Cyber Defense eMagazine for September 2021 Published monthly by Cyber Defense Magazine, this resource shares a wealth of information to help you stay one step ahead of the next cyber threat. In this Edition:  – […]

The post Cyber Defense Magazine – September 2021 has arrived. Enjoy it! appeared first on Security Affairs.


Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass flaw (CVE-2021-34746) in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code is already available. An attacker can exploit the […]

The post Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists appeared first on Security Affairs.


Google announced the release of Chrome 93, which addresses 27 security vulnerabilities; 19 issues were reported through its bug bounty program. Google announced the release of Chrome 93 for Windows, Mac and Linux that addresses a total of 27 flaws, including 19 vulnerabilities that were reported through its bug bounty program. Google paid over $130,000 in […]

The post Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93 appeared first on Security Affairs.


Today’s Hashtag Trending script was prepared by Tom Li. A sales manager is suing IBM for capping commissions, Amazon is going on a hiring spree, and Microsoft is booting Windows 11 testers using ineligible PCs. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, September 2, and I’m your […]

The post Hashtag Trending September 2 – IBM commission lawsuit; Amazon’s hiring spree; Ineligible Windows 11 testers get the boot first appeared on IT World Canada.
