Author Archives: Ravie Lakshmanan

The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector.
“It encourages organizations to consider … Continue reading NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks→

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that’s part of Avast and AVG antivirus solutions.
“These vulnerabilities allow attackers to escalate privileges enabling t… Continue reading Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus→

Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database.
The company, in an updated notification, revealed that a compromised t… Continue reading Heroku Forces User Password Resets Following GitHub OAuth Token Theft→

An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services.
The leak, which was discovered by researchers from information sec… Continue reading Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service→

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts.
Tracked as CVE-2022-20777, CVE-2… Continue reading Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software→

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products.
Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low i… Continue reading F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability→

The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets.
To that end, the SEC is renaming the Cyber Un… Continue reading SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds→

An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019.
Dubbed “Operation CuckooBees” by Israeli cybersecurity company Cybereason, the massive intellect… Continue reading Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies→

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and “used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-size… Continue reading Critical RCE Bug Reported in dotCMS Content Management Software→

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.
“Government-backed actors from China, Iran, Nort… Continue reading Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers→