Security News > 2021 > April

Christina Cravens and Steven Cooperman join Flashpoint’s leadership team
2021-04-29 22:15

Flashpoint announces the addition of key leaders (Christina Cravens, SVP Marketing, and Steven Cooperman, VP Public Sector) to strengthen Flashpoint's market and brand awareness worldwide and to execute on its flourishing public sector business. These leadership additions follow closely on the heels of Flashpoint's largest FUSE Spring 2021 customer conference, several innovative product releases and enhancements, and strong fiscal Q1 results that push Flashpoint towards its second consecutive year of near 50% growth, all while remaining cash flow positive since 2019.

Microsoft finds critical code execution bugs in IoT, OT devices
2021-04-29 22:05

Microsoft security researchers have discovered over two dozen critical remote code execution vulnerabilities in Internet of Things devices and Operational Technology industrial systems. Threat actors can exploit them to trigger system crashes and execute malicious code remotely on vulnerable IoT and OT systems.

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw
2021-04-29 22:03

Microsoft has taken a look at memory management code used in a wide range of equipment, from industrial control systems to healthcare gear, and found it can be potentially exploited to hijack devices. Drilling down to the nitty-gritty: Microsoft's Azure Defender for IoT security research group looked at memory allocation functions, such as malloc(), provided by real-time operating systems, standard C libraries, and software development kits all aimed at embedded electronics: that's Internet-of-Things devices, industrial control systems, and so-called operational technology.

New ransomware group uses SonicWall zero-day to breach networks
2021-04-29 22:00

A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.

Disabling Windows 10 experiments blocks Known Issue Rollback fixes
2021-04-29 20:46

As Microsoft begins to utilize its Known Issue Rollback feature to release Windows 10 fixes quickly, users are discovering that modifying privacy settings may prevent these fixes from being installed. Microsoft routinely conducts experiments with Windows 10 users to determine if a feature is commonly used, if a change in a feature makes it more useful, or to introduce features to a small test population.

BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices
2021-04-29 20:43

Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks. According to an advisory from Redmond's Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities affecting a wide range of IoT and operational technology devices in the industrial, medical, and enterprise networks.

F5 Big-IP Vulnerable to Security-Bypass Bug
2021-04-29 20:04

F5 Networks' Big-IP Application Delivery Services appliance contains a Key Distribution Center spoofing vulnerability, researchers disclosed, which an attacker could use to get past the security measures that protect sensitive workloads. In some cases, the bug can be used to bypass authentication to the Big-IP admin console as well, they added.

S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]
2021-04-29 18:52

We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise.

Experian API Leaks Most Americans’ Credit Scores
2021-04-29 18:42

A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, which he said was left open on a lender site without even basic security protections. Demirkapi was surprised and decided to take a peek at the code, which showed that a connection to an Experian API was behind the tool, he said.

QNAP warns of AgeLocker ransomware attacks on NAS devices
2021-04-29 18:26

QNAP customers are once again urged to secure their Network Attached Storage devices to defend against AgeLocker ransomware attacks targeting their data. In a security advisory published earlier today, the company says that its security team has discovered AgeLocker ransomware samples in the wild, with "the potential to affect QNAP NAS devices."