Q-CERT Weekly Newsletter 2021-10-03

Alerts

Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability - Read more

Google Chrome zero-days Vulnerabilities - Read more

Multiple Critical and Important Vulnerabilities in Adobe Acrobat and Reader - Read more

Multiple Critical Vulnerabilities in Azure VM Management Extensions - Read more

An authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus - Read more

Advisories

Microsoft September 2021 Patch Tuesday - Read more

Vulnerabilities & Patches

SonicWall Patches Critical Flaw in SMA 100 Products - Read more

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws - Read more

Cybercrimes & Incidents

Hackers exploit 2FA flaw to steal crypto from 6,000 Coinbase users - Read more

New Android Malware Steals Millions After Infecting 10M Phones - Read more

Threats

Threat Actor Targets Indian Government With Commercial RATs - Read more

A New Jupyter Malware Version is Being Distributed via MSI Installers - Read more

High-Profile BluStealer Malware Steals Sensitive Info and Files - Read more

Microsoft rushes to register Autodiscover domains leaking credentials - Read more

FamousSparrow: A suspicious hotel guest - Read more

A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus - Read more

Chinese Attackers Use New Rootkit in Long-Running Campaign Against Windows 10 Systems - Read more

Tools

Elastic expands its threat prevention capabilities to stop advanced threats at the endpoint - Read more

Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps - Read more

Papers

Examining the Cring Ransomware Techniques - Read more

HCRootkit / Sutersu Linux Rootkit Analysis - Read more

Reports

2021 Cloud Security Report - Read more

Event Materials

Wireshark Tutorial: Wireshark Workshop Videos Now Available - Read more

Guidelines

New security feature in September 2021 Cumulative Update for Exchange Server - Read more

NSA, CISA Release Guidance for Choosing and Hardening VPNs - Read more

Upcoming Events

The 4th International Workshop on Attacks and Defenses for Internet-of-Things - Read more

How to

Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones - Read more

Q-CERT Weekly Newsletter Service is prepared by Cyber Security Intelligence Team, all concerns, recommendations and complaints are welcomed.The views and opinions expressed in media article are those of the authors and media organizations alone.

Q-CERT | Ministry of Transport and Communications, State of Qatar | Doha P.O.Box 24514 | Qatar