- PAN-SA-2021-0003 Informational: Impact of the NAME:WRECK DNS vulnerabilities (Severity: NONE)
- CVE-2021-3044 Cortex XSOAR: Unauthorized Usage of the REST API (Severity: CRITICAL)
- CVE-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution (Severity: MEDIUM)
- CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console (Severity: HIGH)
- CVE-2021-3041 Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation (Severity: HIGH)
- CVE-2021-3042 Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation (Severity: HIGH)
- CVE-2021-3037 PAN-OS: Secrets for scheduled configuration exports are logged in system logs (Severity: LOW)
- Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.
- ThreatConnect and Amazon GuardDuty: Protection for your AWS Environment
- Q&A: AVEVA's Tim Grieveson on Cyber Risk Management and Critical Infrastructure
- Q&A: Felicia Thorpe of AHT Insurance on Cyber Insurance and Cyber Risk Quantification
- ThreatConnect and Amazon S3 and EC2: Better Manage Cloud Infrastructure
- Best practices to conduct a user access review
- Extortion is the motive in the Saudi Aramco incident. Updates on the Pegasus Project. Chinese cyberespionage and Beijing’s tu quoque. FIN7 resurfaces, and a post-mortem on Egregor.
- US Senate mulling bill on data breach notifications