Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)

Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)

CVE-2021-34464 and CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability CVE-2021-34464 and CVE-2021-34522 are RCE vulnerabilities in the Microsoft Malware Protection Engine. Both of these vulnerabilities received CVSSv3 scores of 7.8 and are rated as “Exploitation Less Likely,” but we chose to highlight them due to in-the-wild exploitation of a similar flaw, CVE-2021-1647, in January. While CVE-2021-1647 was a zero-day, the ubiquity of Microsoft Defender makes this a noteworthy vulnerability. Fortunately, Microsoft Defender…

Read More

How Cisco Cloud Application Centric Infrastructure (Cloud ACI) powers Application Service Chaining – Cisco Blogs

How Cisco Cloud Application Centric Infrastructure (Cloud ACI) powers Application Service Chaining – Cisco Blogs

In the blog titled Power of Cloud Application Centric Infrastructure (Cloud ACI) in Service Chaining, we talked about how cloud ACI provides an elegant solution for lifecycle management of native load balancers in the public cloud. We also looked at a simple use case of a Firewall insertion before traffic hits the application load balancer. In this blog, we will  look at more complex use-cases that we can solve using a comprehensive service chaining framework with…

Read More

PCI SSC Shares Resources for Navigating Changing Payment Environments

PCI SSC Shares Resources for Navigating Changing Payment Environments

  Greetings to our PCI SSC stakeholder community! With 2021 half done, I wanted to take this opportunity to share with you what the PCI Security Standards Council (PCI SSC) is doing to assist the industry as we continue to navigate the changes brought on by the pandemic. The current phase is a hybrid of old and new, and defined by rapid changes including re-openings and continued, or returning, lockdowns.

Read More

Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack

Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack

Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software that were exploited by the REvil ransomware gang in the massive ransomware supply chain attack. The company announced last week that fewer than 60 of its customers and less than 1,500 businesses have been impacted…

Read More

Bad actor offers up for sale data from 600 million LinkedIn members scraped from the site

Bad actor offers up for sale data from 600 million LinkedIn members scraped from the site

Cyber News reports that this is the third time in four months that member information has shown up on a hacker forum. Image: iStock/iBrave A data set including information from 600 million LinkedIn users showed up for sale on a hacker forum this week. That’s the third time in four months that scraped data from the networking site has been offered up for sale, according to a report from Cyber News.  The data is all…

Read More

Docker for Node.js Developers: 5 Things You Need to Know Not to Fail Your Security – Docker Blog

Docker for Node.js Developers: 5 Things You Need to Know Not to Fail Your Security – Docker Blog

Guest post by Liran Tal, Snyk Director of Developer Advocacy  Docker is totalling up to more than 318 billion downloads of container images. With millions of applications available on Docker Hub, container-based applications are popular and make an easy way to consume and publish applications. That being said, the naive way of building your own Docker Node.js web applications may come with many security risks. So, how do we make security an essential part of…

Read More

Iranian Hackers Pose as UK Scholars to Target Experts   

Iranian Hackers Pose as UK Scholars to Target Experts   

WASHINGTON – A notorious group of hackers tied to Iran’s Islamic Revolutionary Guard Corps has waged a covert campaign targeting university professors and other experts based in the U.K. and the U.S. in an attempt to steal their sensitive information, according to research by the cybersecurity firm Proofpoint.    The group, known as TA453 and Charming Kitten, has been masquerading as British scholars at the University of London’s School of Oriental and African Studies (SOAS)…

Read More

Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking

Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking

Image: Sobhan Farajvan/Pacific Press/LightRocket via Getty Images Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet. Iranian hackers with links to the country’s Islamic Revolutionary Guard Corps impersonated two academics in an attempt to hack journalists, think tank analysts, and other academics, according to a new report. In early 2021, the hackers—dubbed inside the industry as Charming Kitten or TA453—sent emails to targets pretending to be Dr. Hanns Bjoern…

Read More

Delivering a New Operating Model for Hybrid Cloud – Cisco Blogs

Delivering a New Operating Model for Hybrid Cloud – Cisco Blogs

Building on my recent blog around Accelerate and Differentiate with Hybrid Cloud, I wanted to take one step further in giving you my perspective on why Cisco is your best partner to deliver premium experiences for your customer engagements. As a result of the global pandemic, the acceleration and reliance on digital experiences have been swift. Digital is now defined as a way of working, making decisions, and managing the company. For example, e-commerce is open 24…

Read More

Anomali Cyber Watch: Global Phishing Campaign, Magecart Data Theft, New APT Group, and More

Anomali Cyber Watch: Global Phishing Campaign, Magecart Data Theft, New APT Group, and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data Theft, Malicious Apps, Middle East, Phishing, Targeted Campaigns, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats…

Read More
1 3,573 3,574 3,575 3,576 3,577 4,169