|
|
ZDNet | The state-sponsored hackers who breached US software provider SolarWinds earlier this year pivoted to Microsoft's internal network, and then used one of Microsoft's own products to launch attacks against other companies, Reuters reported today citing sources familiar with the investigation. |
|
BetterCloud Monitor | It’s that time of year when you sit down to make lists for things like holiday gifts and New Year’s resolutions. But it’s also a good time to build a different type of list: Your enterprise’s 2021 SaaS sprawl management checklist. Our holiday gift to you this year: We built that checklist. |
|
BleepingComputer | This week, Contact Form 7 project has disclosed an unrestricted file upload vulnerability (CVE pending) in the WordPress plugin that can allow an attacker to bypass Contact Form 7's filename sanitization protections when uploading files. An attacker can upload a crafted file with arbitrary code on the vulnerable server using the plugin. |
|
PCWorld | The new capabilities are part of a public preview of password management and autofill functions within the Authenticator app for iOS and Android, which already serves as a two-factor authenticator (2FA) solution for websites. Until now, however, you were required to come up with your own password for those sites, which Edge could store if you so chose. |