Security

When unexpected circumstances arise, you respond by mobilizing to support your employees, customers, and partners—all while preparing for what might happen next. For 35 years, DataEndure has been in the business of digital resilience – and we are here and available to help enable business continuity and progress during disruptive times. We can help you support remote-access workers, help ensure the availability of data and applications, and help you prepare for—and… Read More

Google Releases Security Update for Chrome browser  Situation Google has recently released a security update for their Chrome browser version 80.0.3987.162 for Windows, Mac, and Linux systems. This version addresses vulnerabilities that could allow an attacker to take control of an affected system. Problem There was a total of eight security vulnerabilities fixed on the Google Chrome browser. With the most severe of these being two use after free vulnerabilities found in the… Read More

Situation PhishLabs has seen an increase in threat actors impersonating key public health organizations and agencies to phish victims for-profit and malware exploitation. Problem PhishLabs has seen four separate phishing campaigns using the World Health Organization (WHO) and the Center for Disease Control (CDC) name. In the first campaign, the sender uses SendGrid to distribute a fake national health center email address. The link in the message claims to provide… Read More

COVID-19 Used To Hide Distribution of Cerberus Situation Hackers are using the COVID-19 Pandemic to spread malware and trojans, specifically using a trojan called Cerberus to public phone and tablet devices. This type of attack could potentially infect and compromise thousands of machines. This trojan is used to steal Credit Card numbers and personal user data from these devices. Problem This type of trojan will attempt to install itself from a webpage, link, or by opening… Read More

Apple releases security updates to prevent numerous vulnerabilities Situation Apple has released security updates across its software platforms to prevent numerous vulnerabilities. Problem Apple has found multiple vulnerabilities in iTunes for Windows, iPadOS, iOSSafari, watchOS, tvOS, macOS Catalina, macOS Mojave, macOS High Sierra, and Xcode. This could allow the possibility of remote takeover or control of the devices and software. Implication  A remote attacker could exploit these vulnerabilities in the unpatched software and take control of the device, steal information, or use the device… Read More

Cisco has released updates to patch multiple vulnerabilities in their SD-WAN Solution software Situation Cisco has released updates to patch multiple vulnerabilities in their SD-WAN Solution software.  There are Privilege Escalation, Command Injection and Buffer Overflow vulnerabilities in the SD-WAN Solution software. Problem Cisco has found multiple vulnerabilities in its SD-WAN Solution software that include Privilege Escalation, Command Injection, and Buffer Overflow in the environment. Implication  If the vulnerabilities are left unpatched or are exploited before patching a remote attacker could… Read More

At DataEndure, we are and always have been about people. So, helping people navigate through the challenges posed by COVID-19, where we can, is important to us. We are very aware that cyber-adversaries are finding this to be a most opportune time to grow their bounty. It is for this reason we created this blog. With many regions rushing to protect their employees and conform with “shelter in place” orders,… Read More

Cisco has released updates to patch multiple vulnerabilities in their SD-WAN Solution software Situation Cisco has released updates to patch multiple vulnerabilities in their SD-WAN Solution software.  There are Privilege Escalation, Command Injection and Buffer Overflow vulnerabilities in the SD-WAN Solution software. Problem Cisco has found multiple vulnerabilities in its SD-WAN Solution software that include Privilege Escalation, Command Injection, and Buffer Overflow in the environment. Implication  If the vulnerabilities are left unpatched or are exploited before patching a remote attacker could… Read More

Situation VMware has found and patched three critical vulnerabilities (CVE-2019-5543, CVE-2020-3947, and CVE-2020-3948). Two of which being privilege escalation vulnerability and one being use-after-free vulnerability. The products that are affected are VMware Horizon Client, Remote Console (VMRC), VMware Workstation and Fusion. Problem CVE-2020-3947: VMware Workstation and Fusion contain a use-after-free vulnerability (CVE-2020-3947) in vmnetdhcp. An attacker must first obtain the ability to execute low-privileged code on the target guest system… Read More

Mozilla Releases Security Updates for  Firefox Situation Mozilla has released security updates to address a number of vulnerabilities in Firefox and Firefox ESR browser. Problem Mozilla has patched a number of high impact vulnerabilities found on the Firefox and Firefox ESR browser. Some of these vulnerabilities are memory safety bugs that could be exploited to run arbitrary code. Implication Not having your browser up to date could leave your system… Read More