About MwCERT

So far MwCERT has created 7 blog entries.

Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware

The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident [...]

July 3rd, 2021 | News

Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, [...]

July 3rd, 2021 | News

NETGEAR Authentication Bypass Allows Router Takeover

Microsoft security researchers have disclosed three critical security vulnerabilities that affect NETGEAR DGN2200v1 series routers. The vulnerabilities in Netgear routers can lead to identity theft and full system compromise. Description: The vulnerabilities allow access to the router management pages using an authentication bypass that lets a threat actor attain complete control over the router and [...]

July 2nd, 2021 | Advisories

Dell Client Platform Security Update for Multiple Vulnerabilities in the BIOSConnect and HTTPS Boot features as part of the Dell Client BIOS

Dell is releasing remediations for multiple security vulnerabilities affecting the BIOSConnect and HTTPS Boot features. The Dell BIOSConnect feature is a Dell preboot solution that is used to update system BIOS and recover the operating system (OS) using the SupportAssist OS Recovery on Dell Client platforms. Note: BIOSConnect requires a physically present user to initiate [...]

July 2nd, 2021 | Articles

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities

Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services [...]

July 2nd, 2021 | Articles

Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore

IBM Spectrum Protect Plus is a modern data protection solution that provides near-instant data recovery, replication, retention, and reuse for physical and virtual machines, Windows file systems, databases, applications, SaaS workloads, and containers. It is easily deployed as a virtual appliance and the agentless architecture is easy to maintain. It unlocks the value of your [...]

July 1st, 2021 | Advisories

Microsoft Windows Print Spooler RCE Vulnerability

The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading the [...]

July 1st, 2021 | Advisories