
HPE fixes critical zero-day vulnerability disclosed in December
2021-05-27 13:15

Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager (SIM) software that was disclosed in December last year. HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.

Fujitsu pulls ProjectWEB tool offline after apparent supply chain attack sees Japanese infosec agency data stolen
2021-05-27 12:29

A Fujitsu project management suite is causing red faces at the Japanese company's HQ after "unauthorised access" resulted in data being stolen from government agencies, local reports say. The firm's ProjectWEB tool was reportedly accessed by an unidentified "third party" who helped themself to data from, among others, Japan's Ministry of Foreign Affairs, its Cabinet Office Cyber Security Centre and the Ministry of Land.

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues
2021-05-27 12:00

If we move too fast, while attempting to shift to the cloud, we will create more issues. Urgently configured cloud migrations make my job a breeze, especially when we're taking solutions that weren't secured well in the first place, to a new cloud environment.

Email Protection Firm Material Security Raises $40 Million
2021-05-27 11:45

Email protection company Material Security this week announced that it raised $40 million in Series B funding, which brings the capital raised by the firm to date to $62 million. Founded in 2017, the Redwood City, California-based company is focused on protecting email accounts both before and after compromise.

The Story of the 2011 RSA Hack
2021-05-27 11:41

Banks use such devices with "whales" and "corporates" as well as Jo Average and her personal bank/cheque account. The banks actually do not care as others have noted for years, they have "externalised the risk" and done so "at the lowest possible cost".

Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library
2021-05-27 11:13

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi, who has identified many vulnerabilities in industrial systems over the past years.

Kali Linux team releases Kaboxer, a tool for managing applications in containers
2021-05-27 10:35

The team behind the popular pentesting Kali Linux distro has released Kaboxer, a tool to help penetration testers use older applications that don't work on modern operating systems, apps that need to run in isolation, and applications that are hard to package properly. "We hope to start to include more tools into Kali Linux that were previously not packable, and have you not realize that you are using them via Kaboxer," the team noted.

EU Privacy Groups Set Sights on Facial Recognition Firm
2021-05-27 10:33

Privacy organisations on Thursday complained to regulators in five European countries over the practices of Clearview AI, a company that has built a powerful facial recognition database using images "scraped" from the web. While Clearview touts its technology's ability to help law enforcement, its critics say facial recognition is open to abuse and could ultimately eliminate anonymity in public spaces, pointing to cases like China's massive public surveillance system.

New Iranian Group 'Agrius' Launches Destructive Cyberattacks on Israeli Targets
2021-05-27 08:32

Over the past year, an Iran-linked threat actor named Agrius has been observed launching destructive attacks on Israeli targets, under the disguise of ransomware attacks, according to endpoint security company SentinelOne. Likely state-sponsored, the threat group initially engaged in cyberespionage attacks, but then attempted to extort victims, claiming to have exfiltrated and encrypted data.

Open-source tool Yor automatically tags IaC resources for traceability and auditability
2021-05-27 08:00

Yor is an open-source tool from Palo Alto Networks that automatically tags cloud resources within infrastructure as code frameworks such as Terraform, CloudFormation, Kubernetes, and Serverless Framework. Yor helps security teams trace a security misconfiguration from code to cloud, automates the tedious work of manually tagging cloud resources, and enables highly effective GitOps across all major cloud providers.