Security News > 2021 > January

An undisclosed Cross-Site Scripting vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project. Govt sites using Apache Velocity Tools vulnerable to XSS. Apache Velocity Tools has an undisclosed XSS vulnerability, which impacts all its versions despite a fix having been published on GitHub months ago.

Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters. Images have also been used for ages as a way to circumvent an email's textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.

In particular, eCommerce transactions in the retail sector increased 31 percent and the gaming sector increased 90 percent, comparing December 2020 with December 2019. The UK saw an increase in transactions of 28 percent and the US of 14 percent from January through December 2020 compared to the same period in 2019.

These changes are pushing enterprises to transform and enable new use cases that are critical in supporting and optimizing enterprise business processes to improve business efficiency. Given the strong demand for connectivity, the potential revenue for 5G enterprises in the region is expected to grow exponentially, reaching $13.9 billion by 2024 from $2 billion in 2019, at a staggering 46.4% compound annual growth rate.

With an inherent emphasis in "Privacy-by-default", Hoplite Technology announced the new launch of a free anti-phishing solution named Anti-Phishing Bot to protect everyday users against phishing attacks. Due to the lack of ways to verify the identity of the senders, everyday users without technical trainings will often find it difficult to distinguish a phishing attack as the red flags are hidden in different parts of an email.

Ring announced the launch of video End-to-End Encryption for compatible Ring Doorbells and Cams, providing an advanced, opt-in security feature for customers who want to add an additional layer of security to their videos. With video End-to-End Encryption, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer's enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device.

Twenty20 Solutions announces its launch of enhanced Artificial Intelligence technology with advanced visual detection and classification capabilities designed to maximize operational efficiency for its customers. The company unveiled an expanded technology roadmap that includes new AI-enabled analytics to drive higher levels of visibility, security and automation.

Oracle is making its APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily. Oracle APEX Application Development expands on two decades of APEX functionality already used by 500,000 developers as an easy-to-use, browser-based service for creating modern Web and mobile apps.

Skyworks Solutions announced a significant milestone with the shipment of over 1 million of its SKY66318-21 power amplifier, the industry's first high efficiency small cell PA with a bandwidth of 200 MHz at +28 dBm. To demonstrate the benefits of this exciting new technology, Skyworks also collaborated with Xilinx, Inc. to showcase the spectral and power efficiency achievable using the SKY66318-21 PA in 5G infrastructure applications during the CES 2021 Show.

Uptycs announced its advanced cloud security and compliance offering. The Uptycs Security Analytics Platform now provides its customers security and compliance for their AWS deployments.