SonicWall warns users to patch critical vulnerability as soon as possible
blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/ SonicWall has issued a security notice about its SMA 100 series of appliances. The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from a SMA 100 series appliance and gain administrator access to the device.
Uusi pankkihuijaus haluaa tunnukset 8 tunnissa erottaisitko itse tämän sivun aidosta?
www.is.fi/digitoday/tietoturva/art-2000008286937.html SÄHKÖPOSTITSE levitetään parhaillaan Nordean nimissä huijausta, jossa käyttäjälle esitetään vaatimus tunnistautua uudelleen kahdeksan tunnin kuluessa sähköpostin saamisesta lukien.
Uudenlainen huijaus: Varo maksupyyntöä MobilePayssa Kelan nimissä
www.is.fi/digitoday/tietoturva/art-2000008287326.html KELA varoittaa nimissään MobilePay-rahansiirtosovelluksessa tehtävästä huijauksesta. Maksupyyntö on naamioitu etuisuuden takaisinmaksupyynnöksi.. katso myös
Major European call center provider goes down in ransomware attack
therecord.media/major-european-call-center-provider-goes-down-in-ransomware-attack/ GSS, the Spanish and Latin America division of Covisian, one of Europes largest customer care and call center providers, has suffered a debilitating ransomware attack that froze a large part of its IT systems and crippled call centers across its Spanish-speaking customerbase.
German Election: Phishing Attacks and Disinformation Campaigns Target Parliament Members
EU officially blames Russia for ‘Ghostwriter’ hacking activities
www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/ The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data,” European Council officials said in a press release today.. see also
Researcher drops three iOS zero-days that Apple refused to fix
www.bleepingcomputer.com/news/security/researcher-drops-three-ios-zero-days-that-apple-refused-to-fix/ Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.
Emergency Google Chrome update fixes zero-day exploited in the wild
www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-exploited-in-the-wild/ Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.
Bug in macOS Finder allows remote code execution
www.welivesecurity.com/2021/09/23/bug-macos-finder-remote-code-execution/ While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented
Microsoft rushes to register Autodiscover domains leaking credentials
www.bleepingcomputer.com/news/microsoft/microsoft-rushes-to-register-autodiscover-domains-leaking-credentials/ Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol.
State-sponsored hacking group targets Port of Houston using Zoho zero-day
therecord.media/state-sponsored-hacking-group-targets-port-of-houston-using-zoho-zero-day/ A suspected state-sponsored hacking group has attempted to breach the network of the Port of Houston, one of the largest port authorities in the US, using a zero-day vulnerability in a Zoho user authentication appliance, CISA officials said in a Senate hearing today.
Exploits imminent for critical VMware vCenter CVE-2021-22005 bug
www.bleepingcomputer.com/news/security/exploits-imminent-for-critical-vmware-vcenter-cve-2021-22005-bug/ Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online.