Security News > 2021 > June

Multiple large organizations were found to be impacted by an authentication bypass in Adobe Experience Manager CRX Package Manager, according to a warning from security vendor Detectify. The Adobe Experience Manager is a content management solution used for the building of websites and mobile applications, while also allowing developers to manage marketing content and assets.

Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. The flaw stems from a universal cross-site scripting issue that's triggered when automatically translating web pages using the Edge browser's built-in Microsoft Translator feature: a feature through which the browser automatically prompts users to translate a webpage when the page is in a language other than those listed under the user's preferred languages in settings.

Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. DoubleVPN is a Russia-based VPN service that double-encrypts data sent through its service.

New Linux admins need to know how to give and take sudo privileges from users. Jack Wallen shows you how on both Ubuntu- and Red Hat-based Linux distributions.

The Cabinet Office spaffed almost £300,000 on cybersecurity-related training for its staff in the last year - an eye-popping increase of almost 500 per cent on the year before. This is according to a Freedom of Information request by political think tank Parliament Street, which found the Cabinet Office lavished £274,142.

GreyNoise, which describes itself as an "Anti-threat intelligence" company, helps analysts distinguish between malicious and benign internet traffic and the alerts triggered by security defenses, allowing SOCs to differentiate between those events stemming from harmless internet 'noise' and those that have a malicious intent. "Security analysts are overwhelmed with alerts," comments GreyNoise founder and CEO Andrew Morris.

The top three priorities for tech professionals are improvement of security, cloud migration and automation to increase IT productivity, according to Kaseya's newly released 2021 IT Operations Report. The report surveyed nearly 1,000 IT professionals worldwide between April and May 2021 about their top priorities and challenges.

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence. First, the court should have access to the "Known Error Log," which should be part of any professionally developed software project.

Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person. Google Play, which provides access to millions of Android applications and games, has been abused by threat actors for the distribution of malware, and Google is looking for new ways to strengthen the security of both developers and users.

The number of spam calls, the number of people losing money to them and the total amount of money lost in the past year are all record-setting. A study of U.S. residents has found that one in three say they've fallen victim to a phone scam in the past year, and 19% say they've been duped more than once.