Security News > 2020 > July

"It's essential to comprehensively monitor an organization's critical systems, regardless of the size of the business," said Rob Scott, president and CEO at Cygilant. "Risks are constantly increasing - while financial and staffing resources are decreasing. This is why a solution that teams LogPoint and Cygilant can make a difference."

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server Java platform, allowing an unauthenticated attacker to take control of SAP applications. "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency said in an advisory.

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server Java platform, allowing an unauthenticated attacker to take control of SAP applications. "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency said in an advisory.

Allscripts and Microsoft announced the extension of their long-standing strategic alliance to enable the expanded development and delivery of cloud-based health IT solutions. The five-year extension will support Allscripts' cloud-based Sunrise electronic health record, making Microsoft the cloud provider for the solution and opening up co-innovation opportunities to help transform healthcare with smarter, more scalable technology.

The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. Data Viper is the brainchild of Vinny Troia, a security researcher who runs a cyber threat intelligence company called Night Lion Security.

"HPE was an early mover in identifying the opportunity at the edge and that trend is accelerating in a post-COVID world," said Antonio Neri, president and CEO of HPE. "With this acquisition we are accelerating our edge-to-cloud strategy to provide a true distributed cloud model and cloud experience for all apps and data wherever they live. Silver Peak's innovative team and technology bring critical capabilities that will help our customers modernize and transform their networks to securely connect any edge to any cloud." "Bringing together Silver Peak's advanced SD-WAN solutions with Aruba's industry leading networking portfolio provides an unprecedented opportunity to deliver comprehensive business-driven solutions to our customers," said David Hughes, founder and CEO of Silver Peak.

With global operations and offices in Silicon Valley, Ghent, Nuremberg and Singapore, SIGOS has been offering its customers active end-to-end domestic and roaming testing solutions to improve network security and service quality for mobile networks since 1989. "We are excited to partner with SIGOS and support them in the next phase of growth. As we continue to grow Mobileum, both organically and inorganically, the addition of SIGOS' strong product portfolio and unique testing infrastructure, as well as their great technical expertise and customer footprint will help us to expand the depth and breadth of our offerings, and to further strengthen the value proposition for our customers."

Ava, a unified security company, announced former Cisco Senior Vice President, Rick Snyder, has joined the company's Board of Directors. "Rick has a history of building strong industry relationships. At this juncture in Ava's lifecycle, building strategic partnerships is vital to our long-term market position and our ability to provide our customers with the best solutions on the market," said Fredrik Halvorsen, Chairman and Co-founder, Ava.

A newly identified version of the Mirai Internet of Things botnet includes an exploit for a vulnerability impacting Comtrend routers. According to Trend Micro's security researchers, this is the first botnet version to target CVE-2020-10173, a vulnerability in the Comtrend VR-3033 routers.

TrickBot, the infamous info-stealing trojan, has been trying out a test module that accidentally pops up fraud alerts to victims. A sandboxed sample of the trojan, obtained by MalwareHunterTeam and analyzed by Advanced Intelligence's Vitali Kremez, turns out to contain a new module, called "Module 0.6.8," that carries the file name "Grabber.dll." It works to log browser activity and steal passwords used in Google Chrome, Internet Explorer, Mozilla Firefox and Microsoft Edge, and it sniffs out browser cookies - just like other grabber modules used by TrickBot.