  • Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

    On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

  • Microsoft Patch Tuesday, April 2021 Edition

    Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

  • ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

    Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.

  • Are You One of the 533M People Who Got Facebooked?

    Ne'er-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you're a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.

  • Ransom Gangs Emailing Victim Customers for Leverage

    Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

Hacker News
  • Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that

  • US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

    The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services

  • 1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

    Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.

  • Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

    A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts.  The evolution

  • YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

    Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.

US-Cert Alert
  • Vulnerability Summary for the Week of April 5, 2021

    Original release date: April 12, 2021
    High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
    apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1794 MISC
    apple -- ipad_os | An out-of-bounds write was […]

  • Vulnerability Summary for the Week of March 29, 2021

    Original release date: April 5, 2021
    High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
    arubanetworks -- instant | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: and below; Aruba Instant 6.5.x: and below; Aruba Instant 8.3.x: and below; Aruba Instant 8.5.x: and […]

  • Vulnerability Summary for the Week of March 22, 2021

    Original release date: March 29, 2021
    High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
    apache -- ofbiz | Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. | 2021-03-22 | 7.5 | CVE-2021-26295 MLIST CONFIRM MLIST MLIST MLIST
    apache -- spamassassin | In Apache […]

  • Vulnerability Summary for the Week of March 15, 2021

    Original release date: March 22, 2021 | Last revised: March 24, 2021
    High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
    adobe -- creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged […]

  • Vulnerability Summary for the Week of March 8, 2021

    Original release date: March 15, 2021
    High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
    arubanetworks -- airwave | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A […]

Security Highlights