Third-Party Security - Securezoo Blog

Drupal fixes ‘Moderately Critical’ XSS bug in CKEditor library

Post author:Frank Crast
Post published:May 28, 2021
Post category:Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has patched a Moderately Critical cross-site scripting (XSS) vulnerability in Drupal Core.

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

Post author:Frank Crast
Post published:March 19, 2021
Post category:Cybersecurity Attacks Security Monitoring System Hardening Third-Party Security

The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.

Drupal patches Critical third-party library vulnerability (CVE-2020-36193)

Post author:Frank Crast
Post published:January 23, 2021
Post category:Application Security Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.

DHS issues new emergency guidance on SolarWinds Orion Code compromise

Post author:Frank Crast
Post published:December 30, 2020
Post category:Cybersecurity Articles Cybersecurity Attacks Data Breach Security Updates & Patches Third-Party Security

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.

Hackers target Vietnam in supply chain cyberattack

Post author:Frank Crast
Post published:December 29, 2020
Post category:Cybersecurity Attacks Malware Third-Party Security

Cybersecurity experts discovered a new supply chain attack against a certification authority organization in Vietnam.

DHS warns businesses of risks using Chinese tech and data services

Post author:Frank Crast
Post published:December 24, 2020
Post category:Cybersecurity Articles Data Breach Data Privacy Insider Threats Regulations & Laws Security Monitoring Third-Party Security

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).

Cybersecurity experts reveal growing list of SolarWinds 2nd stage attack victims

Post author:Frank Crast
Post published:December 22, 2020
Post category:Cybersecurity Attacks Malware Third-Party Security

Cybersecurity experts have revealed a growing list of SolarWinds 2nd stage attack victims based on malware analysis.

Solorigate malware behind the SolarWinds attack

Post author:Frank Crast
Post published:December 22, 2020
Post category:Cybersecurity Attacks Malware Third-Party Security

Microsoft shared new insights into the Solarigate malware, the compromised DLL file behind the SolarWinds software supply chain attacks.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Post author:Frank Crast
Post published:December 19, 2020
Post category:Cloud Security Configuration Management Cybersecurity Attacks Data Breach Malware Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a 'grave risk' to critical infrastructure, government and private sector organizations.

Global active exploits against SolarWinds via Sunburst backdoor

Post author:Frank Crast
Post published:December 14, 2020
Post category:Cybersecurity Attacks Data Breach Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Cybersecurity experts are warning of major global active exploits against SolarWinds Orion Platform software versions via a Sunburst backdoor and supply chain attack.