2020 - Securezoo

QNAP fixes Command Injection vulnerability in QTS and QuTS hero

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 31, 2020 December 31, 2020

QNAP has fixed a High severity Command Injection vulnerability CVE-2020-25847 in QTS and QuTS hero.

DHS issues new emergency guidance on SolarWinds Orion Code compromise

Cybersecurity Articles, Cybersecurity Attacks, Data Breach, Security Updates & Patches, Third-Party Security / By Frank Crast / December 30, 2020 December 30, 2020

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.

SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)

Malware / By Frank Crast / December 29, 2020 December 29, 2020

SolarWinds has released an updated security advisory on SUPERNOVA malware, a separate threat vector from the previously reported supply chain cyberattack that was based on SUNBURST backdoor malware. The update now includes new information on 0-day CVE-2020-10148 and PoC demo.

Hackers target Vietnam in supply chain cyberattack

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / December 29, 2020 December 29, 2020

Cybersecurity experts discovered a new supply chain attack against a certification authority organization in Vietnam.

Whirlpool victim of Nefilim ransomware attack

Cybersecurity Attacks, Data Breach, Malware / By Frank Crast / December 28, 2020 December 28, 2020

Home appliance maker Whirlpool has fallen victim to a Nefilim ransomware attack.

DHS warns businesses of risks using Chinese tech and data services

Cybersecurity Articles, Data Breach, Data Privacy, Insider Threats, Regulations & Laws, Security Monitoring, Third-Party Security / By Frank Crast / December 24, 2020 December 24, 2020

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).

Cybersecurity experts reveal growing list of SolarWinds 2nd stage attack victims

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / December 22, 2020 December 28, 2020

Cybersecurity experts have revealed a growing list of SolarWinds 2nd stage attack victims based on malware analysis.

Solorigate malware behind the SolarWinds attack

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / December 22, 2020 December 22, 2020

Microsoft shared new insights into the Solarigate malware, the compromised DLL file behind the SolarWinds software supply chain attacks.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Cloud Security, Configuration Management, Cybersecurity Attacks, Data Breach, Malware, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / December 19, 2020 December 19, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.

Mozilla releases Firefox 84, fixes for 1 Critical and 6 High risk vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 16, 2020 December 16, 2020

Mozilla releases Firefox 84, fixes for 1 Critical and 6 High risk vulnerabilities

Year: 2020