Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco

The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process."Many internet service providers (ISPs) collect and share far more data about their customers than many consumers ma

Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019Russian news publisher Kommersant called a small sample of the exposed indivi

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.The UA-Parser-JS library is used to parse a browser's user agent to identify a visitor's browser, engine, OS, CPU, and Device type/model.The library is imme

Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close to 8 million downloads per week.The hack, which raised eyebrows because of the software supply chain implications, prompted a “critical severity” warning from GitHub that any computer with the embed

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular lib

Remote access has helped us become more interconnected than ever before. In the United States alone, two months into the pandemic, approximately 35% of the workforce was teleworking. The growth of remote access allowed individuals to work with organizations and teams they don’t physically see or meet. However, the demand for remote access has critical imp

Between law enforcement operations, REvil's second shut down, and ransomware gangs' response to the hacking of their servers, it has been quite the week.This week's biggest news is the Reuters report that international law enforcement operation took over REvil's Tor infrastructure, which ultimately led to the shutdown of the ransomware again last Sunday.Sinc

Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil was itself hacked a

Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web securit

The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack.SecurityWeek has confirmed a Reuters report that the Tor servers associated with the REvil ransomware gang were seized in what was described as a “multi-co

Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster.The funds have been moving to multiple new wallets since yesterday, a smaller amount being transferred with each transaction to make the money more difficult to track.The timing aligns with the tak

Image: SCUF GamingSCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information.SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both profession

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Certitude Securtiy Advisory - CSA-2021-003 ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ PRODUCT : GridPro Request Management for Windows Azure Pack VENDOR : GridPro Software SEVERITY : Crit

The DigiNotar attack in 2011 set itself apart because it was an attack on the cybersecurity industry itself. Most attacks are on a single company. But this one shook trust in cybersecurity tools and how users decide whom to trust online. After covering this industry for years, I’ve seen firsthand how cyber attacks don’t happen in a vacuum. Inste