Time to update again – LINK
COMPANY: Nvidia
HARDWARE DEVICE(s): Nvidia GPU display driver and vGPU software
VENDOR LINK(s): https://nvidia.custhelp.com/app/answers/detail/a_id/5142
CVEs: CVE-2021-01051, CVE-2021-01052, CVE-2021-01053, CVE-2021-01054, CVE-2021-01055, CVE-2021-01056
OFFICIAL CVSS: 8.4 down to 5.3
Krebs explains in his article that countless sealed court documents/records could have been exfiltrated. This would be a massive treasure trove for the attackers because of the insight into criminal activities inside the US, according to the Administrative Office (AO) of the U.S. Courts.
An amazing trend has occurred – Cobalt Strike and Metasploit are the tools most commonly used as command-and-control server software by numerous malware groups (according to Recorded Future). LINK
COMPANY: Fortinet
HARDWARE DEVICE(s): FortiWeb Web Application Firewalls (WAF)
VENDOR LINK(s): https://www.fortiguard.com/psirt/FG-IR-20-125
CVEs: CVE-2020-29015, CVE-2020-29016, CVE-2020-29019 and CVE-2020-29018
OFFICIAL CVSS: 6.4 — (Disputed by researcher: The CVE CVE-2020-29016 can allow code execution to be enabled, which means a CVSS of 9+ typically.)
NOTES: The vulnerabilities were discovered in the FortiWeb administration interface. The researcher said […]
I have not been documenting the SolarWinds escapades completely because it's changing so fast AND CISA has been actively on top of this. Anything you want about it should be at the CISA links below. Their link is HERE
In the near future, Feb 8, 2021, WhatsApp will start sharing your private data with the Facebook mother ship. I honestly can say only one thing: what did you think was going to happen when Facebook purchased WhatsApp for $19 BILLION? Think they would allow the treasure trove of users to continue to be “unknown to […]
In the last few months of 2020, it looks like healthcare has been the primary industry taking the punches. Check Point Software states that attacks worldwide have jumped 45% in the last months. The attackers are taking advantage of the pandemic and the stress it puts on keeping healthcare running.
The National Security Agency (NSA) has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up-to-date and secure variants. “NSA recommends that only TLS 1.2 or TLS 1.3 be used and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used.” Links NSA Release […]
Note that the California Privacy Rights Act (CPRA) will go into effect on January 1, 2023, as Proposition 24 was voted in. It's going to be a while before it comes into play, but be aware that it will have an impact globally. Dark Reading put some details together on it. – LINK
LINK For those that believe that data like this would not be accessible to law enforcement, think again. In this case, 78% of Singapore residents have it on their phones. So think about this: the police know where 78% of the populace are AT ALL TIMES.