Cybersecurity Highlights

The most important hardware weaknesses according to MITRE

MITRE has published the list of the most important hardware (HW) weaknesses (CWE) for the year 2021 in order to raise awareness and prevent security incidents. Among the most dangerous ones are:...

References:

cwe.mitre.org

us-cert.cisa.gov

bleepingcomputer.com

Tags:

IoT

Vulnerability

OWASP publishes the Top 10 – 2021 of web application security risks

The Open Web Application Security Project (OWASP) has published the 2021 edition of its Top 10 draft, which presents the 10 most critical security risks, replacing the previous 2017 version.In the...

References:

owasp.org

zdnet.com

unaaldia.hispasec.com

Tags:

Vulnerability

Travis CI login credentials could have been exposed

The Travis CI platform, used for software compilation and testing tasks, has disclosed a vulnerability, CVE-2021-41077, whereby user credentials, such as API keys and access tokens, could have been...

References:

travis-ci.community

blog.travis-ci.com

arstechnica.com

unaaldia.hispasec.com

Tags:

Thousands of Fortinet device login credentials were linked

Cybersecurity solutions provider Fortinet has confirmed that a cybercriminal has made public the SSL-VPN login credentials associated with at least 87.000 FortiGate SSL-VPN devices via the RAMP...

References:

fortinet.com

bleepingcomputer.com

thehackernews.com

unaaldia.hispasec.com

gist.github.com

Tags:

Cybercriminals turn a Jenkins server into a cryptominer

The Jenkins infrastructure team has reported that its deprecated Confluence service was the target of a cyberattack in early September, exploiting vulnerability CVE-2021-26084 to install a Monero...

References:

jenkins.io

threatpost.com

zdnet.com

incibe-cert.es

Tags:

Microsoft Power Apps put the confidentiality of millions of data at risk

UpGuard researchers have reported a vulnerability that affects Microsoft Power Apps, related to a configuration flaw in ODdata API, which could have exposed online more than 38 million of sensitive...

References:

upguard.com

docs.microsoft.com

unaaldia.hispasec.com

zdnet.com

thehackernews.com

Tags:

Public administration

Vulnerability

Millions of dollars stolen from Poly Network

The decentralised funding platform, Poly Network, for the interconnection of blockchains based on the DeFi protocol, has reported that a cybercriminal group has stolen at least $600 million in...

References:

twitter.com

criptonoticias.com

bleepingcomputer.com

Tags:

Supply-chain cyberattack against Kaseya VSA software

Software company Kaseya, dedicated to offer IT solutions and products to managed service providers (MSP), confirmed that it has been the victim of sophisticated supply-chain cyberattack that...

References:

helpdesk.kaseya.com

us-cert.cisa.gov

bleepingcomputer.com

xataka.com

thehackernews.com

Tags:

Other critical infrastructures

Tool

Vulnerability

QNAP devices affected by Qlocker and eCh0raix ransomware

Multiple devices from QNAP, a Taiwanese company specialising in NAS storage, have been affected by two types of ransomware, called Qlocker and eCh0raix, aimed at encrypting their NAS devices for...

References:

qnap.com

bleepingcomputer.com

genbeta.com

incibe.es

Tags:

Data breach at Codecov

After an investigation, the company Codecov, which offers an online platform for code testing, has confirmed a data breach via a supply chain attack affecting its Bash Uploader script.The incident,...

References:

about.codecov.io

securityweek.com

reuters.com

gizmodo.com

unaaldia.hispasec.com

Tags:

Corporate access

Cybersecurity Highlights

The most important hardware weaknesses according to MITRE

OWASP publishes the Top 10 – 2021 of web application security risks

Travis CI login credentials could have been exposed

Thousands of Fortinet device login credentials were linked

Cybercriminals turn a Jenkins server into a cryptominer

Microsoft Power Apps put the confidentiality of millions of data at risk

Millions of dollars stolen from Poly Network

Supply-chain cyberattack against Kaseya VSA software

QNAP devices affected by Qlocker and eCh0raix ransomware

Data breach at Codecov

Pages