CND News and Blog

Spear Phishing - Cyber Attacks
Kelsey Chalmers
Technical
 We have all heard of Phishing attacks, where emails are used as bait to lure us into clicking on a link or opening an attachment. However, because we are now much wiser to the threat, attackers are having to work harder to lure us in by doing some research. These targeted phishing attacks are referred to as Spear Phishing, and humorously, if ...
New Vulnerabilities Tuesday 17 January
michele654
Vulnerabilities
Quarterly Patches for Oracle are out this afternoon. Pre-release notice is available. New Alerts for Mitsubishi Electric, IBM, and Linux. Mitsubishi Electric  An authorization bypass vulnerability exists in the WEB server function of the MELSEC iQ-F/iQ-R Series. An unauthenticated remote attacker may be able to access the WEB server function b...
New Vulnerabilities Monday 16 January
michele654
Vulnerabilities
New Alerts for Xerox, Google ChromeOS, and Linux. Xerox  Xerox has updated Xerox WorkCentre models to correct vulnerabilities including insecure password encryption, show embedded system accounts, and remove the ability to disable functionality.More info. Google  Google has published a security update for ChromeOS / ChromeOS Flex.More inf...
New Vulnerabilities Friday 13 January
michele654
Vulnerabilities
New Alerts for Sewio, InHand Networks, SAUTER, Microsoft Edge, IBM, NetApp, and Linux. Sewio  RTLS Studio contains multiple vulnerabilities, including Use of Hard-coded Password, OS Command Injection, Out-of-bounds Write, Cross-Site Request Forgery, Improper Input Validation, and Cross-site Scripting. Highest CVSSv3 score of 10.More info. InHa...
New Vulnerabilities Thursday 12 January
michele654
Vulnerabilities
Quarterly Patches are out for Juniper Networks. New Alerts for Cisco, WAGO, IBM, Zyxel, and Linux. Cisco  Cisco has published 11 new bulletins, 1 Critical, 3 High, and the rest Medium. Highest CVSSv3 score of 9.0More info.Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Rout...
New Vulnerabilities Wednesday 11 January
michele654
Vulnerabilities
New Alerts for Google Chrome, Moxa, Westermo, MAHO-PBX, NetApp, Western Digital, Black Box, and Linux. Google  Google has updated Chrome for Desktop to fix 17 security vulnerabilities.More info.Microsoft is aware. More info. Moxa  TN-4900 Series contains a Use of Hard-coded Credentials vulnerability that allows an attacker to gain privile...
New Vulnerabilities Tuesday 10 January
michele654
Vulnerabilities
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for IBM, BD, and Linux. UPDATED TO ADD: Monthly Patches for Microsoft and Adobe are out now. Palo Alto Networks Monthly Patches are expected tomorrow. Microsoft  Microsoft Monthly Patches include 98 vulnerabilities, 11 rated Critical (7 of which allow RCE), 1 pub...
New Vulnerabilities Monday 09 January
michele654
Vulnerabilities
New Alerts for IBM and Synology. IBM  Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Highest CVSSv3 score of 9.8More info. And here. Synology  A vulnerability allows remote attackers to possibl6 execute arbitrary commands via a susceptible version of Synology VPN Plus Server. CVSSv3 score of 10M...
New Vulnerabilities Friday 06 January
michele654
Vulnerabilities
New Alerts for Digital Arts, HCL Software, and Linux.  Digital Arts  m-FILTER contains an improper authentication vulnerability when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. CVSSv3 score of 5.3More info. And here. HCL Software  HCL Compass is affected by an IBM HTTP Serve...
New Vulnerabilities Thursday 05 January
michele654
Vulnerabilities
New Alerts for Dell, ManageEngine, and Linux.  Dell  PowerProtect DD remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this CriticalMore info.Container Storage Modules remediation is available for a golang.org/x/net vulnerability that may b...
New Vulnerabilities Wednesday 04 January
michele654
Vulnerabilities
Monthly Patches are out for Qualcomm, MediaTek, Google Android, Google Pixel, Samsung, and Fortinet. New Alerts for Dell and Apache Tomcat. Qualcomm  Monthly Patches for Qualcomm are out with 22 vulnerabilities, 3 rated Critical, 17 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.3More info. MediaTek  Monthly Patches for MediaTe...
New Vulnerabilities Tuesday 03 January
michele654
Vulnerabilities
New Alert for IBM. IBM  Automation Assets in IBM Cloud Pak for Integration is vulnerable to RCE due to an xmldom vulnerability and a webpack loader-utils vulnerability. CVSSv3 score of 9.8More info. And here. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intellig...
New Vulnerabilities Monday 02 January
michele654
Vulnerabilities
No new Alerts today!  Enjoy. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries. https://...
New Vulnerabilities Friday 30 December
michele654
Vulnerabilities
New Alert for IBM. Happy New Year! IBM  In addition to many updates of operating system level packages, Java and Apache security vulnerabilities is addressed with IBM Cloud Pak for Business Automation. Highest CVSSv3 score of 9.8More info.IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.j...
New Vulnerabilities Thursday 29 December
michele654
Vulnerabilities
New Alerts for MatrixSSL, NetApp, and NETGEAR. MatrixSSL  MatrixSSL has been updated to fix an integer overflow vulnerability. CERT Bund rates this CVSSv3 score of 10.More info. NetApp  NetApp has published 10 new bulletins identifying security vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8...
New Vulnerabilities Wednesday 28 December
michele654
Vulnerabilities
New Alerts for NETGEAR and Linux.    Along with these, there is a security update for Nintendo, which includes Mario Kart and Animal Crossing: New Horizons, that fixes a remote code execution vulnerability, CVSSv3 score of 9.8.  Although not "business", my adult children both have Nintendo consoles with this, as do many, many ot...

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.