As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites. Shifts in consumer activity due to the coronavirus pandemic altered the activity of automated software programs, also known as bots, in 2020, according to a new […]

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2021-23281PUBLISHED: 2021-04-13 Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to […]

A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan. Microsoft has warned organizations of a new attack campaign that uses legitimate website contact forms to deliver malicious links to businesses via emails containing fake legal threats. Websites typically have contact forms to […]

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2021-25373PUBLISHED: 2021-04-09 Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. CVE-2021-25374PUBLISHED: 2021-04-09 An […]

Analysis of threat activity in mission-critical environments prompts CISA advisory urging SAP customers to apply necessary security patches and updates. Threat actors are actively exploiting unpatched vulnerabilities in SAP applications, including in mission-critical environments such as enterprise resource planning (ERP), supply chain management (SCM), product life cycle management (PLM), and […]