Security News > 2021 > March

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence. Formerly known as Official Facebook Pixel, the Facebook for WordPress plugin is used on more than 500,000 sites, allowing administrators to capture actions that visitors take when interacting with the page.

SolarWinds CEO Sudhakar Ramakrishna is making changes at the board level and in daily operations to change the company's security mindset. This project is designed to build security into the design phase of software development and to make security an ongoing instead of an after-the-fact priority.

Network-attached storage appliance manufacturer QNAP Systems this week published an alert urging users to take the necessary steps to secure their devices against brute-force attacks. This week's alert, the company underlines, has been published after a growing number of users reported that their devices have been targeted in brute-force attacks.

Microsoft has released the Windows 10 1909 KB5000850 cumulative update preview and a new KB5001205 Servicing Stack Update that resolves a Secure Boot vulnerability. The KB5001205 Servicing Stack Update will automatically be installed by Windows Update to improve the update experience.

A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service attacks, mobile network security company AdaptiveMobile Security warned this week. AdaptiveMobile Security discovered that the architecture of 5G network slicing has a serious flaw that can expose the customers of mobile operators to various types of attacks.

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software.

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely. The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

A cybersecurity researcher who specializes in industrial control systems has identified three types of critical vulnerabilities in products made by human-machine interface manufacturer Weintek. The vulnerabilities can be exploited by a remote, unauthenticated attacker for code execution with root privileges, to remotely access sensitive information and conduct actions on behalf of an admin, and to execute malicious JavaScript code via a stored XSS flaw.