Security News > 2021 > June

A cross-site scripting vulnerability patched last year in Cisco's Adaptive Security Appliance and Firepower Threat Defense software has reportedly been exploited in the wild. Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept exploit for the vulnerability tracked as CVE-2020-3580.

The National Telecommunications and Information Administration has been busy issuing technical documentation, corralling industry feedback, and proposing the use of existing formats for the creation, distribution and enforcement of SBOMs. This flurry of activity has sent cybersecurity buyers and sellers scrambling to understand the downstream ramifications but, for Sounil Yu, a security veteran with leadership stints at Bank of America, YL Ventures and now JupiterOne, the energy around SBOMs is long overdue. Robert M. Lee, co-founder and chief executive at industrial cybersecurity vendor Dragos, agrees that SBOMs could provide major benefits to both buyers and sellers but cautioned that it will be "Extraordinarily hard to operationalize" once SBOMs identify weaknesses deep in the chain.

Personal news reader NewsBlur was down for several hours last week after a hacker managed to wipe the service's database. The hacker was able to gain access to the database while the RSS reader was being transitioned to Docker, which circumvented some firewall rules and opened the NewsBlur MongoDB database to the public.

Amazon Web Services announced the AWS BugBust Challenge, a global competition for developers to collectively eliminate one million software bugs. With just a few clicks, developers from around the world can join the challenge by creating an AWS BugBust event for their organization in the Amazon CodeGuru console-and compete for prizes and prestige by identifying and fixing bugs in their applications.

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506, the weakness stems from a universal cross-site scripting issue that's triggered when automatically translating web pages using the browser's built-in feature via Microsoft Translator.

Since big data consists of structured and unstructured data which is constantly growing in size, common software doesn't have the ability to process and manage it. To select a suitable big data solution for your business, you need to think about a variety of factors.

Most ransomware attacks are opportunistic, and at the end of the day, cybercriminals do not discriminate. If the answer is yes, communication with and ransom payments to the attacker is prohibited.

IoT is advancing the technical lives of millions, with the network of connected devices becoming more populated with each passing year. As a result, networking issues such as packet loss and jitter can dramatically impact how well IoT devices perform.

Google recently unveiled the next evolution of Google Workspace, including new security and privacy capabilities to help users take advantage of trusted, cloud-native collaboration. How does Google Workspace help the remote workforce stay secure?

According to a report released by Honeywell, USB threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew. USB devices leading to OT critical business disruption.