SecurityWeek

Privilege Escalation Bugs Patched in Linux Kernel

Security Week - Thu, 03/04/2021 - 12:27pm

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel.

Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.

read more

Categories: SecurityWeek

Managed Services Provider CompuCom Hit by Malware

Security Week - Thu, 03/04/2021 - 10:59am

Managed services provider CompuCom was recently targeted in a cyberattack that led to some disruption to customer services and internal operations.

read more

Categories: SecurityWeek

Cybercriminals Finding Ways to Bypass '3D Secure' Fraud Prevention System

Security Week - Thu, 03/04/2021 - 10:17am

Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure (3DS), which is designed to improve the security of online credit and debit card transactions.

read more

Categories: SecurityWeek

Cybercriminals Target Industrial Organizations in Information Theft Campaign

Security Week - Thu, 03/04/2021 - 9:23am

A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign.

read more

Categories: SecurityWeek

German Officials Want Emails, IMs Tied to Real-World ID

Security Week - Thu, 03/04/2021 - 9:00am

Germany security officials are proposing that Internet companies should link a user’s real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists.

read more

Categories: SecurityWeek

Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability

Security Week - Thu, 03/04/2021 - 8:46am

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine.

read more

Categories: SecurityWeek

Multiple Cyberspy Groups Target Microsoft Exchange Servers via Zero-Day Flaws

Security Week - Thu, 03/04/2021 - 7:50am

Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers.

read more

Categories: SecurityWeek

Qualys Confirms Unauthorized Access to Data via Accellion Hack

Security Week - Thu, 03/04/2021 - 6:19am

Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion’s FTA product.

read more

Categories: SecurityWeek

Microsoft Pays $50,000 Bounty for Account Takeover Vulnerability

Security Week - Wed, 03/03/2021 - 11:45pm

A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account.

read more

Categories: SecurityWeek

Okta to Acquire Rival Auth0 in $6.5 Billion Deal

Security Week - Wed, 03/03/2021 - 5:09pm

Identity and access management giant Okta (NASDAQ: OKTA) late Wednesday announced plans buy rival Auth0 in an all-stock transaction valued at roughly $6.5 billion.

read more

Categories: SecurityWeek

New CISO Hires at Uber, Square, SailPoint

Security Week - Wed, 03/03/2021 - 2:21pm

Ride-sharing giant Uber has quietly snapped up veteran security leader Latha Maripuri to be its Chief Information Security Officer (CISO).

A formal announcement has not yet been made but Maripuri, a security leader with stints at IBM and NewsCorp, has shared the news on her LinkedIn profile.

read more

Categories: SecurityWeek

Intel Paid Out $800,000 Per Year Through Bug Bounty Program

Security Week - Wed, 03/03/2021 - 1:18pm

Over 230 Vulnerabilities Patched in Intel Products in 2020

Intel patched 231 vulnerabilities in its products last year, roughly the same as in the previous year, when it fixed 236 flaws.

read more

Categories: SecurityWeek

Jetty Flaw Can Be Exploited to Inflate Target's Cloud Bill, Cause Disruption

Security Week - Wed, 03/03/2021 - 10:44am

A vulnerability affecting Eclipse Jetty web servers can be exploited by an attacker to inflate a targeted organization’s cloud services bill or cause disruption, according to security researchers at tech company Synopsys.

read more

Categories: SecurityWeek

VMware Patches Remote Code Execution Vulnerability in View Planner

Security Week - Wed, 03/03/2021 - 10:23am

VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution.

read more

Categories: SecurityWeek

Google Vows to Stop Tracking Individual Browsing for Ads

Security Week - Wed, 03/03/2021 - 10:01am

Google on Wednesday pledged to steer clear of tracking individual online activity when it begins implementing a new system for targeting ads without the use of so-called "cookies."

read more

Categories: SecurityWeek

Chrome 89 Patches Actively Exploited Vulnerability

Security Week - Wed, 03/03/2021 - 8:22am

Google this week announced the availability of Chrome 89 in the stable channel, with patches for a total of 47 vulnerabilities, including one that has been exploited in the wild.

read more

Categories: SecurityWeek

Should You Be Concerned About the Recently Leaked Spectre Exploits?

Security Week - Wed, 03/03/2021 - 7:22am

A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. While some experts say this could increase the risk of exploitation for malicious purposes, others believe there is no reason for concern.

read more

Categories: SecurityWeek

The Different Flavors of Cyber Resilience

Security Week - Wed, 03/03/2021 - 7:03am

Cyber Resilience Can be Considered a Preventive Measure to Counteract Human Error, Malicious Actions, and Decayed, Insecure Software

read more

Categories: SecurityWeek

Microsoft Expands Secured-core to Servers, IoT Devices

Security Week - Wed, 03/03/2021 - 4:49am

Microsoft this week announced Secured-core Server and Edge Secured-core, two solutions aimed at improving the security of servers and connected devices.

read more

Categories: SecurityWeek

Pages