Security News > 2021 > May
Edmondson, who studies leadership, teaming and organizational learning, said in the article Psychological Safety and Information Security by Tom Geraghty that she believes a lack of psychological safety results in a "Blame culture." Edmondson coined psychological safety and defines it as: "Where blame is not apportioned, but instead every mistake is treated as a learning opportunity, mistakes ultimately improve performance by providing opportunities to find the systemic causes of failure and implement measures for improvement." Mimecast, a company providing cloud cybersecurity services for email, data and web, appears to have incorporated Edmondson's concept of psychological safety into its message to customers - in particular, how security awareness can reduce human error and the need to blame anyone.
A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone's modem - gaining the ability to execute code, access mobile users' call histories and text messages, and eavesdrop on phone calls. That's according to Check Point Research, which said that the bug exists in the Qualcomm Mobile Station Modem Interface, which is known as QMI for short.
Microsoft has released Windows 10 Insider Build 21376 with a preview of a new default font for Windows 10 called 'Segoe UI Variable'. For years, the default font family used in Microsoft branding and marketing materials has been Segoe, with the Segoe UI font sub-family used by the Windows operating system and other applications created by Microsoft.
Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498, affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0.
We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it.
As reported by WindowsLatest, in the recent Windows 10 Insider 'Dev' builds, Microsoft has revamped many of these icons as part of their Sun Valley design refresh, expected to be released in Fall 2021. Dll icons from both Windows 10 20H2 and the latest Windows 10 Insider 'Dev' build.
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information. The networking giant also disclosed a denial-of-service issue in vManage; and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.
Attackers can use a newly disclosed domain name server vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service attacks targeting authoritative DNS servers. In simpler terms, authoritative DNS servers translate web domains to IP addresses and pass this info to recursive DNS servers that get queried by regular users' web browsers when trying to connect to a specific website.
A European biomolecular research institute involved in COVID-19 research lost a week's worth of research data, all thanks to a Ryuk ransomware attack traced back to a student trying to save money by buying unlicensed software. Security researchers at Sophos described the attack in a report.
Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem chip. A vulnerability in Qualcomm's Mobile Station Modem chip - installed in around 30% of the world's mobile devices - can be exploited from within Android.