Symphony Technology Group (STG) announced the launch of Trellix, a new business delivering extended detection and response (XDR) to organizations with a focus on accelerating technology innovation through machine learning and automation. Trellix emerges from the previously announced merger of McAfee Enterprise and FireEye.
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. Samba is an open-source re-implementation of the Windows Server Message Block (SMB) networking protocol that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.
EU to Stage Large-Scale Cyberattack Exercise on Supply Chains. The aim of the six-week exercise is to stress-test Europe’s resilience, strengthen preparedness and cooperation among member states, and improve the effectiveness of a joint response.
A Safari bug has surfaced, that can leak browsing history and information related to Google account. Apple’s browser, which is the default on macOS, iOS, and iPad OS has a security issue related to IndexedDB. This is an API that is used by websites to store data on the device, and uses the same-origin policy.
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.
Apache has released version 2.17.0 of the patch for Log4j after discovering issues with their previous release, which came out on Tuesday. Apache said version 2.16 “does not always protect from infinite recursion in lookup evaluation” and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the severity is “high” and gave it a CVSS score of 7.5.
Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManyscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s attack toolset, Kaspersky researchers said, characterizing the operation as a “mass-scale spyware attack campaign”.
Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password.
Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android. The first flaw, tracked as CVE-2021-34423, is a high-severity buffer overflow vulnerability that received a CVSS base score of 7.3.
An independent security researcher discovered a way to brute force Verizon PINs online, meaning they could potentially break into Verizon customer accounts. In response, Verizon has taken the impacted web pages offline.
Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version. The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515) which could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers. Desktop Central Cloud is not affected.
Recorded Future Expert Allan Liska has published a new free e-book to explain: why ransomware exploded in recent years, how to stop a ransomware attack in its tracks and survive with minimal damage and should you pay the ransom or not.
T&T Alien Labs™ has found new Golang malware BotenaGo written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.
The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection of security software and analysis by researchers. Last year, the TrickBot gang added a new feature to their malware that terminated the infection chain if a device was using non-standard screen resolutions of 800×600 and 1024×768. In a new variation spotted by threat researchers, the verification code has been added to the HTML attachment of the malspam delivered to the potential victim.
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it’s possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.
