22 September 2021
This feed was created by mixing existing feeds from various sources.
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian’s Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August.
Reduce Risk with an Open Source Code Scanner
Explore the three risks that open source code scanning can mitigate, allowing SecOps and DevOps teams to bridge the gap for more secure application building.
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
In this blog entry we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems. This new variant also uses an updated obfuscation mechanism which we detail.
This Week in Security News - September 17, 2021
2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware
Integrate Serverless Security for Runtime Apps
Serverless solutions are prone to a high degree of application attacks. Learn how to build runtime application self-protection with vulnerability visibility and mitigation capabilities for your serverless applications.
Securing AWS Infrastructure with Trend Micro Workshop
In this workshop, you’ll learn how to leverage infrastructure as code (IaC) and Security to automate your cloud security efforts. If you’re interested in making cloud security more efficient, automated, proactive, and accessible, this workshop is for you!
Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus
Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.
1H’2021 Security Review Shows Active Cloud Attacks
Trend Micro’s midyear report highlights the growing importance of cloud security as attacks increase in frequency and complexity.
September Patch Tuesday: 66 Bulletins, Only 3 Critical
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins.
What are Open Source Software License Risks?
Explore the risks of using open source licenses and what tools to use to mitigate risks for safer, more legally compliant applications.