Vulnerabilities

Vulnerabilities

Issued by: Security Week

The lockdowns of 2020 led to an increase in online activity. This in turn led to an increase in online identity theft and fraud. The question asked for 2021 is whether 2020 was a temporary spike, or an ongoing change in fraudulent activity. This is the question discussed by Onfido in its Identity Fraud Report…

Vulnerabilities

Issued by: Security Week

Cross-site leaks, also known as XS-Leaks, are a type of browser side-channel attack that can allow a malicious website to infer and collect potentially sensitive user information from other sites by bypassing security mechanisms such as same-origin policy. Same-origin policy is designed to restrict how a document, script or media file loaded by one origin…

Vulnerabilities

Issued by: Dark Reading

A security incident at Planned Parenthood’s Los Angeles (PPLA) branch compromised personal data of about 400,000 patients, officials confirmed this week. News of the breach was confirmed in letters sent to affected patients. These state suspicious activity was detected on the PPLA network on Oct. 17, 2021. Following its discovery, PPLA took its systems offline,…

Vulnerabilities

Issued by: Help Net Security

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…

Vulnerabilities

Issued by: Security Week

The flaw also allowed the researchers to identify the real IP addresses of the hidden service hosting the recovery website, including 20 IPs communicating with the Conti servers, and two Tor entry nodes used for the recovery service, all of which were reported to the authorities. Furthermore, Prodaft discovered victim chat sessions that allowed them…

Vulnerabilities

Issued by: Security Week

The executive order on improving the nation’s cybersecurity tasked CISA with developing playbooks for federal civilian agencies to help them plan and conduct vulnerability and incident response. While the playbooks have been created for federal civilian agencies and their contractors, CISA says the information could also be useful to critical infrastructure organizations and private sector…

Vulnerabilities

Issued by: Security Week

The security hole, tracked as CVE-2021-0146 and rated high severity, impacts Pentium, Celeron and Atom CPUs on mobile, desktop and embedded devices. Affected Atom IoT processors are present in many cars, apparently including ones made by Tesla. Intel announced the availability of fixes when it released its November 2021 Patch Tuesday updates. “Hardware allows activation…

Vulnerabilities

Issued by: Help Net Security

The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing…