Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Adobe Creative Cloud User Data Exposed
Advisory Overview: Security researchers discovered that subscriber information for Adobe’s Creative Cloud was exposed to the public due to an unencrypted database cache. Technical detail and additional information: What is the threat? Although the database storing customer information was secured,...
Cybersecurity Threat Advisory: Adobe Out-of-Band Security Patches
Advisory Overview Adobe Creative Cloud is a popular platform for the use of many different Adobe applications and services. Recently, security researchers uncovered a database cache which was not properly secured to prevent access by unauthorized parties. A database cache...
Cybersecurity Threat Advisory: Cisco Addresses Serious Flaws in Wireless Access Points
Advisory Overview Cisco, one of the leading networking hardware manufacturers, routinely updates and patches components of their product line. Recently, one of these update sets applied to Cisco Aironet wireless access points (WAP’s). WAP’s extend the coverage of a WIFI...
Cybersecurity Threat Advisory: D-Link Routers Unauthenticated Vulnerability
Advisory Overview Several older D-Link routers have a known vulnerability that can allow an attacker to use a legitimate communications channel in illegitimate ways. Through this vulnerability, and attacker could send program code or files that can allow the attacker...
Cybersecurity Threat Advisory: New Microsoft NTLM Flaws May Allow Full Domain Compromise
Advisory Overview NTLM is one of several methods that can be used to authenticate and confirm the identity of a user within a Windows-based network. Two flaws in NTLM were recently found which could allow an attacker to trick NTLM...
Cybersecurity Threat Advisory: TransUnion Incident: Credit Info Exposed
Advisory Overview: TransUnion, a credit reporting bureau, recently began notifying some consumers that their credit information had been obtained by an unauthorized person or persons. The access occurred when a threat actor illegally accessed a TransUnion website that allows businesses...
Cybersecurity Threat Advisory: American Express Breach by Ex-employee
Advisory Overview American Express – a provider of credit, travel, and other business and personal finance services –advised some customers on September 30, 2019 that their personal and American Express account information may have been compromised and may be used...
Cybersecurity Threat Advisory: Comodo Security Breached by vBulletin Zero Day
Advisory Overview: Cybersecurity firm Comodo – who provides website security certificates and other services – recently suffered a breach of their web forum site which included usernames, IP addresses, and other data of forum users. Since many users re-use credentials...
Cybersecurity Threat Advisory: Microsoft Releases Patch for Internet Explorer Vulnerability
Advisory Overview: Microsoft has released an emergency patch for Internet Explorer (multiple versions) that fixes a critical vulnerability in that browser. By manipulating Internet Explorer via a specially-configured website, a threat actor can gain privileges equal to the user who...
Cybersecurity Threat Advisory: LastPass Bug Leaks Credentials From Previous Site
Advisory Summary: LastPass is a very popular and widely used password manager – software designed to save user passwords, create secure passwords, and automatically fill in usernames and passwords on websites. Recently, security researchers have discovered that JavaScript embedded in...
