Security News > 2021 > May

Hewlett Packard Enterprise is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer's cloud infrastructure. Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE's Edgeline Infrastructure Manager prior to version 1.21.

Before you can use a camera app in Windows 10 you have to allow access to the camera itself. This how-to tutorial shows you how to access camera settings in Windows 10 and how to grant permission to access a camera to specific apps.

Cybercriminals are increasingly sharing, developing and deploying deepfake technologies to bypass biometric security protections, and in crimes including blackmail, identity theft, social engineering-based attacks and more, experts warn. A drastic uptick in deepfake technology and service offerings across the Dark Web is the first sign a new wave of fraud is just about to crash in, according to a new report from Recorded Future, which ominously predicted that deepfakes are on the rise among threat actors with an enormous range of goals and interests.

Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.

Embattled VPN technology vendor Pulse Secure on Monday updated an "Out-of-cycle" advisory with patches for four major security vulnerabilities, including belated cover for an issue that's already been exploited by advanced threat actors. When Pulse Secure released its initial advisory for the bug on April 20, FireEye reported seeing this and three other Pulse Secure VPN appliance vulnerabilities being exploited as an initial access vector by at least two sophisticated threat actors.

A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Using the increasingly popular, efficient and easy-to-use Rust programming language will help the malware to slip past detection, Proofpoint researchers said in a post on Monday morning.

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. A day later, US Cybersecurity and Infrastructure Security Agency issued an emergency directive ordering federal agencies to mitigate the vulnerability within two days by disabling the Windows File Share Browser and Pulse Secure Collaboration features.

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people's bitcoins up so that it was hard to figure out where any individual coins came from.

Microsoft quietly revealed its plans to remove the Adobe Flash plugin from Windows 10, with mandatory removal starting in July 2021. In a quiet update to their end of support for Adobe Flash blog post, Microsoft has outlined their further plans on how they will begin distributing the Windows 10 KB4577586 update.

ENSCO, which provides aerospace, national security, rail and cybersecurity solutions to governments and private companies worldwide, has acquired Exostrategies, a firm that provides professional services, including risk management, to the U.S. government. Critical event management provider Everbridge announced the acquisition of incident response and management company xMatters for $240 million in cash and stock.