Security News > 2021 > May

Pulse Secure has issued a workaround for a critical remote-code execution vulnerability in its Pulse Connect Secure VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges. May: Earlier this month, a critical zero-day flaw in Pulse Secure's Connect Secure VPN devices was being used by at least two advanced persistent threat groups, likely linked to China, to attack U.S. defense, finance and government targets, as well as victims in Europe.

"Shift left refers to moving security sooner in the development process," mentioned this CheckPoint website. "Additionally, a tighter integration of security throughout the process leads to better security outcomes, versus tacking it on at the end."

Unsophisticated threat actors - in many cases motivated by financial gain - have increasingly targeted internet-exposed operational technology systems, according to research conducted by Mandiant, FireEye's threat intelligence and incident response unit. While in many cases OT systems - particularly ones used for critical processes - are not exposed to the internet, many industrial systems are connected to the internet and these connected systems have been increasingly targeted by hackers who are in most cases not sophisticated and don't have many resources.

Bose Corporation last week started sending out breach notification letters to inform some individuals of personal data being compromised in a cyberattack identified on March 7. The cyber incident, Bose says, resulted in ransomware being deployed across the company's environment, and in systems being taken offline, to contain the attack.

Walmart apologizes for a burst of offensive and racist Walmart.com registration emails sent to thousands of people yesterday. Starting at approximately 2 AM EST yesterday, people worldwide began receiving new user registration emails from Walmart.com where the member name was a racist slur.

Today, Cato Networks has released an analysis of the network flows across its platform during Q1, 2021, seeking anomalous behavior in approximately 200 billion traffic flows during Q1, 2021. "Blocking network traffic to and from 'the usual suspects' may not necessarily make your organization more secure," comments Etay Maor, senior director of security strategy at Cato Networks.

If the Pentagon's Cyber Command launches an online attack and nobody knows about it, does it deter anyone? Many Americans are asking what the country's army of cyber warriors are doing after repeated attacks on US computer systems by Chinese, Russian and other hackers.

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone's computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability-discovered by researchers at enterprise cybersecurity firm Jamf- in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks. The flaws, discovered by researchers at France's national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.

A zero-day vulnerability that allowed XCSSET malware to surreptitiously take screenshots of the victim's desktop has been fixed by Apple on macOS 11.4 on Monday. The XCSSET malware and its CVE-2021-30713 exploitation.