April 2021 - Securezoo

“BadAlloc” vulnerabilities impact broad range of IoT and OT devices

Cybersecurity Attacks, Internet of Things (IoT), Network Security, Security Updates & Patches, System Hardening, Vulnerabilities & Exploits / Frank Crast / April 30, 2021 / Azure, BadAlloc, Industrial control, IOT, Microsoft, OT, Section 52

Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed “BadAlloc” that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.

“BadAlloc” vulnerabilities impact broad range of IoT and OT devices Read More »

Samba fixes vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 30, 2021 / CIFS, CVE-2021-20254, Samba, SMB

Samba has released a software update to fix a vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files. A remote attacker could take advantage of this bug and exploit unpatched systems.

Samba fixes vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files Read More »

Shlayer malware bypasses Gatekeeper on macOS

Malware, Vulnerabilities & Exploits / Frank Crast / April 28, 2021 / Big Sur, Catalina, CVE-2021-30657, File Quarantine, Gatekeeper, Jamf, macOS, malware, Mohave, Notarization, Shlayer

Security researchers from Jamf have uncovered a new strain of mac-based malware dubbed Shlayer that bypasses some of macOS built-in protections to include Gatekeeper, Notarization and File Quarantine.

Shlayer malware bypasses Gatekeeper on macOS Read More »

Apple security updates for iOS 14.5, macOS Big Sur 11.3 and other products (updated)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 28, 2021 / Apple, Big Sur, BigSur113, CVE-2021-30657, iCloud, iOS, iOS145, macOS, Safari, Shlayer, tvOS, watchOS

Apple has released security updates to fix vulnerabilities in iOS 14.5, macOS Big Sur 11.3, Safari 14.1, tvOS 14.5, watchOS 7.4, Xcode 12.5 and other products.

Apple security updates for iOS 14.5, macOS Big Sur 11.3 and other products (updated) Read More »

Google releases Chrome security update (90.0.4430.93)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 28, 2021 / ANGLE, Chrome, Chrome 90, CVE-2021-21227, CVE-2021-21232, CVE-2021-21233, Dev Tools, V8

Google has released Chrome 90 security update (90.0.4430.93) for Windows, Mac and Linux with fixes for 9 vulnerabilities.

Google releases Chrome security update (90.0.4430.93) Read More »

FluBot: Beware of this Android password-stealing malware

Malware, Mobile Security, Password Management / Frank Crast / April 26, 2021 / FluBot, malware, mobile, NCSC, Trojan

Security experts from UK’s National Cyber Security Centre (NCSC) warned of a new malware strain FlyBot, an Andoid password-stealing malware.

FluBot: Beware of this Android password-stealing malware Read More »

New Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / Frank Crast / April 26, 2021 / APT, CISA, CVE-2020-10148, malware, Orion, SolarWinds, Supernova

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new analysis report on Supernova malware used in a cyberattack and long term compromise of an entity’s network and SolarWinds systems.

New Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure Read More »

Drupal patches Critical XSS vulnerability in Drupal Core

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 26, 2021 / Drupal, XSS

Drupal has patched a Critical cross-site scripting (XSS) vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.

Drupal patches Critical XSS vulnerability in Drupal Core Read More »

SonicWall Email Security zero-day vulnerabilities

Messaging Security, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 25, 2021 / CVE-2021-20021, CVE-2021-20022, CVE-2021-20023, email, HES, Messaging, SonicWall

SonicWall has released urgent patches for Critical Email Security product zero-day vulnerabilities CVE-2021-20021, CVE-2021-20022 and CVE-2021-20023.

SonicWall Email Security zero-day vulnerabilities Read More »

Alert: Qlocker and eCh0raix ransomware attacks against QNAP NAS devices

Cybersecurity Attacks, Malware, Network Security, Storage Security / Frank Crast / April 24, 2021 / CVE-2020-36195, CVE-2021-28799, eCh0raix, NAS, Qlocker, QNAP, QTS

QNAP Systems, Inc. (QNAP) issued a statement strongly urging users to immediately update and run malware scans on QNAP NAS devices after recent reports of ransomware attacks involving Qlocker and eCh0raix.

Alert: Qlocker and eCh0raix ransomware attacks against QNAP NAS devices Read More »