Security News > 2021 > June

Germany-based industrial solutions provider Phoenix Contact last week informed customers that a total of 10 vulnerabilities have been identified across several of the company's products. According to advisories published by Phoenix Contact and Germany's , which coordinates cybersecurity issues related to industrial automation, the vulnerabilities were reported to the company by various researchers and companies.

Healthcare data management provider HealthVerity this week announced that it has raised $100 million in Series D funding, which brings the total raised by the company to $142 million. Founded in 2014, the Philadelphia-based company provides the IPGE platform, which healthcare enterprises and pharmaceutical companies can use to access and manage healthcare data.

Malvuln has catalogued hundreds of vulnerabilities discovered in malware, and while the project has yet to actually prove useful to anyone, its developer is not discouraged. Malvuln, an interesting project of security researcher John Page, catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.

Details of an Adobe zero-day bug found in its content-management solution Adobe Experience Manager, which affected customers including Mastercard, LinkedIn and PlayStation, were revealed Monday. Researchers in the ethical-hacking community Detectify Crowdsource identified the flaw in the CRX Package Manager component of Adobe's AEM. AEM is an enterprise-class tool for creating and managing websites, mobile apps and online forums.

Google is announcing two new security measures aimed at minimizing the number of malicious / potentially unwanted apps available for download from the Google Play Store: additional Android developer identification requirements and 2-step verification. To publish such apps, attackers must either hijack an existing Google Play developer account or create a new one and associate an email address and phone number with it.

The UN Security Council on Tuesday will hold its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries' key infrastructure, an issue Joe Biden recently raised with his Russian counterpart Vladimir Putin. Tuesday's meeting, called by Estonia, which heads the Council for the month of June and is a leader in the fight against hacking, is itself being held online, at a ministerial level.

The UK's financial watchdog has fired a warning shot across the bow of Binance, and ordered it to place a notice on binance.com scaring off Brit crypto fans. This seems to have come about because Binance, which is ultimately based in the Cayman Islands, wanted to launch an exchange in the UK using its London-based affiliate Binance Markets Ltd. Since the start of the year, cryptocurrency firms in Britain have had to register with the nation's Financial Conduct Authority and meet its anti-money-laundering and anti-terrorism-funding requirements.

SentinelOne on Monday updated the terms of its initial public offering, and the endpoint security company is now hoping to raise over $1 billion. SentinelOne filed for an IPO in early June and in an amendment made to its S-1 registration statement on June 21 the company revealed that it's offering 32 million shares of its Class A common stock.

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept exploit code last Thursday via Twitter.

The use of Cobalt Strike - the legitimate, commercially available tool used by network penetration testers - by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now "gone fully mainstream in the crimeware world." "Based on our data, Proofpoint assesses with high confidence that Cobalt Strike is becoming increasingly popular among threat actors as an initial access payload, not just a second-stage tool threat actors use once access is achieved, with criminal threat actors making up the bulk of attributed Cobalt Strike campaigns in 2020," the researchers wrote.