Security News

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322.". While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "Unaware of the identity of the potentially affected customers."

In this week's Oh! No! story, a server room fills with toxic fumes. Download the IBM 3270 retrofont that Duck admired in the podcast.

U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that REvil, the ransomware gang behind the attack, might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability in the software was leveraged to push ransomware to Kaseya's customers.

Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software that it said were being exploited as a conduit to deploy ransomware.

There is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can't or won't upgrade to the latest operating system. At issue is a remote code execution flaw residing in all Western Digital network attached storage devices running MyCloud OS 3, an operating system the company only recently stopped supporting.

Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before June 2021 security updates. Technical details and a proof-of-concept exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution.

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "Botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. Tracked as CVE-2021-20019, the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure.

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL, a JavaScript API for rendering interactive 2D and 3D graphics within the browser.

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31.