A total of 46 vulnerabilities were addressed this week with the release of the December 2020 security updates for Android. A total of 33 flaws are patched as part of the 2020-12-05 security patch level.
On Tuesday, security firm FireEye revealed that it was hit by a state-sponsored cyberattack through which the attackers stole its Red Team tools, a collection of scripts, scanners, and techniques used to train clients on how to improve their security defenses. The attackers operated clandestinely using tactics that counter security defenses and examination, and ones that Mandia said were not seen by FireEye or its partners before.
SAP this week released eleven security notes as part of its December 2020 Security Patch Day, including four that were rated 'hot news.' Featuring a CVSS score of 10, the most important of the notes addresses a missing authentication check vulnerability in SAP NetWeaver AS JAVA. Identified by security researchers at Onapsis, a firm that specializes in securing Oracle and SAP applications, the issue could allow an unauthenticated attacker to perform privileged actions over a TCP connection.
The European Medicines Agency responsible for COVID-19 vaccine approval has suffered a cyberattack of an undisclosed nature, according to a statement posted on their website. The EMA is a decentralized agency for the European Union responsible for evaluating, monitoring, and supervising new medicines introduced to the EU. In a statement on their website, the European Medicines Agency has stated that they have suffered a cyberattack and are investigating with law enforcement.
You're invited to join today's Threat Landscape webinar at 1PM ET. Join the live webinar to hear principal security researchers from Kaspersky's Global Research and Analysis Team present their annual analysis of the most significant changes of the APT threat landscape and predictions for 2021. Key findings from Kaspersky's annual review of advanced persistent threats.
Siemens and Schneider Electric on Tuesday informed customers about the availability of patches and mitigations for several potentially serious vulnerabilities affecting their industrial control system products. The new advisories describe vulnerabilities affecting the company's SICAM, SIMATIC, SIPLUS, LOGO! 8, SENTRON, SIRIUS, and XHQ products.
During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers' security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.
The U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately. The OpenSSL advisory states that one place where the GENERAL_NAME_cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.
U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company's Red Team tools, FireEye CEO Kevin Mandia disclosed on Tuesday. "The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."