ITWeb Security Summit 2021: SolarWinds Insights
According to Charl van der Walt, head of security research at Orange Cyberdefense, the recent SolarWinds hack has offered valuable insight into the actual cost of such a cyberattack. Van der Walt addressed the issue at the ITWeb Security Summit 2021 in his opening keynote address. US network moni
Identity Crime Victims Suffer Financially and Physically
People contacting the Identity Theft Resource Center (ITRC) are, in 30% of cases, victims of more than one identity crime, according to the latest ITRC study conducted over 36 months between 2018 and 2020. The research looks into the emotional, psychological, and physical implications that victims g
New Workaround Issued for Critical RCE Vulnerability in Pulse Secure VPNs
Pulse Secure is offering a quick fix for a critical-remote code (RCE) vulnerability in its popular VPN software known as Pulse Connect Secure. This PCS vulnerability may enable breaches by remote attackers who can execute code as users with root privileges. Ivanti, Pulse Secure’s parent company
Cisco Fixes Six-Month-Old Security Flaw
Six months after disclosing a zero-day arbitrary code execution vulnerability in the Cisco AnyConnect Secure Mobility Client VPN software, the company finally resolved the issue. The security flaw was identified by the Cisco Product Security Incident Response Team in November 2020, but PSIRT was
Google Chrome Implements Exploit Protection Update for Windows 10
Google has announced that Chrome 90 implemented Hardware-Enforced Stack Protection - a new Windows 10 security improvement that keeps memory stacks safe from cybersecurity bad actors. The role of this protective measure is to guard against ROP (return-oriented programming) malware attacks by usin
Buer Makes a Comeback: Malware Rewritten in Rust to Avoid Detection
A new version of Buer malware is circulating online, rewritten in the Rust programming language to make it more difficult to spot. The original version of Buer was first detected in August 2019. It is a downloader sold on the dark web to gain access to networks and compromise them by distributing
FluBot: The Latest Android Malware Will Steal Your Password
FluBot, the quickly spreading Android malware, aims to steal your bank details, passwords, and other sensitive data. The malware is introduced to users’ phones through a phishing link claiming that it’s meant to track package delivery. It prompts you to install a tracking program, which is, in f
Passwordstate Hit with Malicious Harvest Hack
Australian firm Click Studios - the team behind the password manager Passwordstate - has announced that its app has been “harvested” by hackers who infiltrated it with a malicious software update. According to the company’s incident report, the “sophisticated” attack that infected the In-P
New Zero-Day Exploit Found in Desktop Window Manager
Kaspersky Lab has reported its latest discovery of another zero-day exploit affecting Microsoft. The exploit, with the designated code CVE-2021-28310, was found in the Desktop Window Manager. Researchers came along this exploit while analyzing the CVE-2021-1732 exploit, known for being used by ce
Chinese Hackers Suspected for Exploiting a VPN Weakness to Target US Defense Industry
According to a report by the cybersecurity company FireEye, two China-based hacker groups have exploited a VPN weakness to access US defense industry research. The report shows hackers used previously Pulse Secure VPN’s known flaws, as well as a newly discovered one. The product is owned by Iva
Cyber Attackers Actively Exploit Known SAP Vulnerabilities
A joint SAP and Onapsis report says that hackers are exploiting known SAP vulnerabilities to take control over exposed SAP apps and steal sensitive information. It warns that cyber attackers could use the unpatched SAP apps on the Internet to commit ransomware attacks and financial fraud. It also re
FIN7 Hacking Group Member Sentenced to 10 Years in Prison
A 35-year-old Ukrainian national was slapped with a decade-long prison sentence for his role in an infamous hacking group that caused billions of dollars in losses to American companies. According to US authorities, Fedir Hladyr was a manager and systems administrator for an outfit known as FIN7.