DNA Diagnostics Center (DDC) – undisclosed data breach releasing 2.1 million users data Vestas Wind Systems (Danish Wind Turbines) – ransomware Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is […]
Month: November 2021
Printing Shellz: Critical “Wormable” Flaws Found in HP Printers
LINK 150 printing devices might be affected going back to around 2013. CVE’s related – CVE-2021-39238 (CVSS of 9.3) and CVE-2021-39237 (CVSS of 7.1)
Vulnerability Summary for the Week of November 22, 2021
LINK The weekly rundown from CISA on Vulnerabilities. Take time to look at the list.
Breach Announcements – November 29, 2021
Lewis and Clark Community College (college in Illinois) – unspecified cyber attack Supernus Pharmaceuticals – Hive ransomware Panasonic (Electronics manufacturer) – file server breach Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) […]
Breach Announcements – November 26, 2021
IKEA (furniture and home reatailer) – unspecified Email and ongoing attack Swire Pacific Offshore (marine services) – Clop ransomware Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to […]
RCE Zero-Day found in TPLink Wireless device
LINK TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router) enterprise router was found to have a RCE in it. Time to update if you happen to have this device
VMware patches High Severity Vulnerability
LINK CVE-2021-21980 – an attacker can gain access to information he/she was not meat to be able to access.
Researchers deployed multiple instances of vulnerable systems and found that 80% of the 320 honeypots were compromised within 24 hours.
LINK I liked this article at Security Affairs. 80% of honeypots were compromised in 24 hours…wow
Active Attack: Malware Authors Already Targeting Windows LPE Zero-Day
LINK CVE-2021-41379 is out there and active. No update yet from Microsoft.
New Windows zero-day with public exploit
LINK A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.