Drupal patches Critical third-party library vulnerability (CVE-2021-32610)

Drupal has patched a Critical third-party library vulnerability that affects multiple versions of Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.

Attackers could have taken over an Atlassian account via one-click exploit

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.

SDK supply chain vulnerability exposes security cameras to hacking

A vulnerability in ThroughTek’s Kalay Platform software development kit (SDK) has exposed many security cameras used by original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.

DHS warns businesses of risks using Chinese tech and data services

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks of using tech and data services linked to the People’s Republic of China (PRC).
