Security News > 2021 > May

WP Statistics, a plugin installed on more than 600,000 WordPress websites, has an SQL-injection security vulnerability that could let site visitors make off with all kinds of sensitive information from web databases, including emails, credit-card data, passwords and more. WP Statistics, as its name suggests, is a plugin that delivers analytics for site owners, including how many people visit the site, where they're coming from, what browsers and search engines they use, and which pages, categories and tags have the most visits.

The Federal Bureau of Investigation says the Conti ransomware gang has attempted to breach the networks of over a dozen U.S. healthcare and first responder organizations. "The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year," the FBI Cyber Division said.

Prosecutions under the UK's Computer Misuse Act dropped by a fifth in 2020 even as conviction rates soared to 95 per cent during the year of the pandemic, new statistics have revealed. This week's conviction statistics also showed that the most common CMA crime taken to court was the offence of "Unauthorised access to computer material", accounting for 33 of the year's total of 45 prosecutions under the Act.

QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage devices. "The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3," the Taiwan-based NAS appliance maker said in a security advisory issued today.

Multiple companies that develop industrial systems are assessing the impact of two new OPC UA vulnerabilities on their products, and German automation technology firm Beckhoff is the first to release a security advisory. NET based OPC UA client/server SDK. The OPC Foundation released a patch in March.

Google Chrome has suddenly started crashing yesterday for many Windows users worldwide making the browser unusable. As first reported by Windows Latest, starting yesterday morning, users began reporting that Google Chrome extensions and tabs suddenly began crashing while using the browser.

Microsoft this week announced the availability of SimuLand, an open source tool that enables security researchers to reproduce attack techniques in lab environments. The purpose of SimuLand, Microsoft says, is to help understand the behavior and functionality of threat actors' tradecraft, to find mitigations and validate existing detection capabilities, and to identify and share data sources relevant to adversary detection.

Most cryptocurrencies have been designed by technical geeks to replace just one specific type of value transfer system "Fiat money". Put simply before we had the relatively modern banking system we have today there was a finaning system for traders that was in effect a trust system.

An email campaign is delivering a Java-based remote access trojan that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence team has outlined details of a "Massive email campaign" delivering the StrRAT malware that they observed last week and reported in a series of tweets earlier this week.

A cybersecurity attack on the city of Tulsa's computer system was similar to an attack on the Colonial Pipeline and that the hacker is known, officials said Thursday. Bynum said Tulsa's computer security system identified the attack and shut down the system before it was infiltrated.