Cloud-Native Businesses Struggle With Security
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them. Companies increasingly moved their applications and infrastructure to the cloud...
CISA Publishes Analysis on New ‘FiveHands’ Ransomware
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27941 PUBLISHED: 2021-05-06
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on...
New Techniques Emerge for Abusing Windows Services to Gain System Control
Organizations should apply principles of least privilege to mitigate threats, security researcher says. Several new techniques have become available recently that give attackers a way to abuse legitimate Windows services...
Troy Hunt: Organizations Make Security Choices Tough for Users
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges. Data breach notification website Have I Been...
Wanted: The (Elusive) Cybersecurity ‘All-Star’
Separate workforce studies by (ISC)² and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the...
DoD Lets Researchers Target All Publicly Accessible Info Systems
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets. The Department of Defense (DoD) has expanded its vulnerability disclosure program to include...
Attackers Seek New Strategies to Improve Macros’ Effectiveness
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems. The use of malicious macros to infect Windows systems grew...
Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26804 PUBLISHED: 2021-05-04
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif",...
Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009. Hundreds of millions of Dell laptops, notebooks, and tablets are at...
Apple Issues Patches for Webkit Security Flaws
The vulnerabilities may already be under active attack, Apple says in an advisory. Apple has released several security updates to address vulnerabilities in multiple products including iOS, WatchOS and iPadOS. Some...






