September 2021 - Page 6 of 6 - Cyber Security Minute

USCYBERCOM Warns of Mass Exploitation of Atlassian Vulnerability Ahead of Holiday Weekend

Issued by: Security Week

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” USCYBERCOM tweeted Friday morning. “Please patch immediately if you haven’t already— this cannot wait until after the weekend.” On August 25, Atlassian issued patches to address the critical code execution vulnerability that carried a CVSS score of 9.8. Described by the software maker…

Network Security

SOAR Company D3 Security Raises $10 Million

Issued by: Security Week

D3 Security also said it obtained an additional $5 million in debt financing from a major financial institution. The company plans on using the money to improve its product, to grow, and to expand sales and marketing efforts. D3 Security also announced the imminent release of its XGEN SOAR platform, which provides automation and orchestration…

Malware & Threats

China theft of US agriculture sector trade secrets prompts government guidance

Issued by: CSO

If you didn’t think the agriculture and food sector is of national security significance, then the issuance of the Insider Risk Mitigation Guide by the National Counterintelligence and Security Center (NCSC) in conjunction with the Department of Defense’s Center for Development of Security Excellence (CDSE) should be the equivalent of the bat-signal shining over Gotham….

Malware & Threats

Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft

Issued by: Security Week

The missing mitigation was flagged by Microsoft in a post mortem of last month’s zero-day attack that hit businesses using the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP products. Microsoft originally shipped the mitigation — called ASLR (Address Space Layout Randomization) in Windows Vista back in 2006 as part of a larger plan…

Malware & Threats

What Has Changed Since the 2017 WannaCry Ransomware Attack?

Issued by: Security Intelligence

The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021. While researching my in-depth article WannaCry: How the Widespread Ransomware Changed Cybersecurity, I learned…

Application Security

The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have

Issued by: Security Intelligence

The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, ranked by the Open Web Application Security Project, lists the 10 most prominent and dangerous risks and threats for applications. The OWASP…