Security News > 2021 > April

Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found. There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.

The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. Despite any evidence of access to any databases with user info, Ubiquiti could not guarantee that user details had not been exposed.

The U.S. Department of Justice on Wednesday said that an Israeli national pleaded guilty for his role as an "Administrator" of a portal called DeepDotWeb, a "News" website that "Served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel, starting October 2013, in return for which they received kickbacks from the operators of the marketplaces in the form of virtual currency amounting to 8,155 bitcoins.

CAPTCHA farms have been around for over a decade, pretty much since CAPTCHAs first became a way to protect against bots. CAPTCHA requests will be sent from the bot to the farm through an API, and at the other end a human will be available to solve the test.

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook's Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, said.

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. As the name indicates, the idea is to "Slice" the original network architecture in multiple logical and independent virtual networks that are configured to meet a specific business purpose, which, in turn, dictates the quality of service requirements necessary for that slice.

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. As of July 2020, MobiKwik serves 120 million users and 3 million retailers across the country.

CI/CD pipelines have become the backbone of modern DevOps environments and a crucial component of most software companies' operations. Developers can build code, run tests, and deploy new versions of software swiftly and securely.

Wi-Fi kit-slinger Ubiquiti has suggested the attacker that accessed some of its cloud-hosted systems in January 2021 may have made off with source code and employee logins, not the customer data it initially warned could be in peril. Ubiquiti has not said when the external experts decided customer data was untouched.

has published the results of an online survey of 303 cybersecurity professionals from around the globe in which respondents compared their perception of the severity of the SolarWinds Orion software breach between when it was first reported and several weeks later as more information was revealed. Respondents also relayed how the breach has impacted their jobs, recommended changes to organizational security practices and provided lessons learned.