Security News > 2021 > August > Week in review: ProxyShell and Realtek SDK vulnerabilities exploitation, automated pentesting

Week in review: ProxyShell and Realtek SDK vulnerabilities exploitation, automated pentesting
2021-08-29 08:00

Realtek SDK vulnerability exploitation attempts detectedThreat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices.

ProxyShell vulnerabilities actively exploited to deliver web shells and ransomwareThree so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned.

ICS vulnerabilities disclosed in H1 2021 rose by 41%Industrial control system vulnerability disclosures are drastically increasing as high-profile cyberattacks on critical infrastructure and industrial enterprises have elevated ICS security to a mainstream issue, according to a report released by Claroty.

Why automated pentesting won't fix the cybersecurity skills gapThe security talent gap is not getting any smaller and people are coming up with some outlandish ideas for closing it.

Hybrid work: How do you secure every identity on your network?In this interview with Help Net Security, Ben King, Chief Security Officer EMEA / APAC, Okta, talks about the authentication challenges related to hybrid working environments, the state of passwordless authentication, and much more.

What is the HIPAA Security Rule? Three safeguards to have in placeTwo notable rules were added to HIPAA: the Privacy Rule, to help cover the physical security of PHI, and the Security Rule, to safeguard electronic protected health information.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/S0KGYes5t-0/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-35395 Unspecified vulnerability in Realtek Jungle SDK
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point.
network
low complexity
realtek
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Realtek 40 3 16 35 6 60