Embedded malware discovered in NPM package ua-parser-js

Post published:October 27, 2021
Post category:Application Security Malware Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Embedded malware has been discovered in an NPM package ua-parser-js, a popular JavaScript library designed to detect browser, engine, OS, CPU, and device type/model from User-Agent data.

Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks

Post published:October 26, 2021
Post category:Cybersecurity Attacks Third-Party Security

Microsoft has released a new report on Nobelium that has been targeting cloud service providers (CSPs), managed service providers (MSPs) and other IT organizations in order to launch broader attacks against customers they serve.

Drupal patches 3rd-party library CKEditor vulnerabilities

Post published:August 16, 2021
Post category:Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has patched Moderately Critical third-party library CKEditor vulnerabilities that affect multiple versions of Drupal Core.

Drupal patches Critical third-party library vulnerability (CVE-2021-32610)

Post published:July 23, 2021
Post category:Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has patched a Critical third-party library vulnerability that affects multiple versions of Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.

Attackers could have taken over an Atlassian account via one-click exploit

Post published:June 24, 2021
Post category:Application Security Third-Party Security Vulnerabilities & Exploits

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.

SDK supply chain vulnerability exposes security cameras to hacking

Post published:June 16, 2021
Post category:Internet of Things (IoT)Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

A vulnerability in ThroughTek’s Kalay Platform software development hit (SDK) has exposed many security cameras used by original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.

Drupal fixes ‘Moderately Critical’ XSS bug in CKEditor library

Post published:May 28, 2021
Post category:Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has patched a Moderately Critical cross-site scripting (XSS) vulnerability in Drupal Core.

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

Post published:March 19, 2021
Post category:Cybersecurity Attacks Security Monitoring System Hardening Third-Party Security

The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.

Drupal patches Critical third-party library vulnerability (CVE-2020-36193)

Post published:January 23, 2021
Post category:Application Security Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.

DHS issues new emergency guidance on SolarWinds Orion Code compromise

Post published:December 30, 2020
Post category:Cybersecurity Articles Cybersecurity Attacks Data Breach Security Updates & Patches Third-Party Security

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.