Window of Exposure is Expanding and Hackers Know Exactly Where to Strike
2021-07-30 13:57

The remediation of application vulnerabilities is declining; the time it takes to fix critical vulnerabilities is growing; and the window of exposure available to hackers is expanding. When these details are combined with no change to the type of vulnerabilities that continue to be prevalent, the result is that hackers know exactly where to focus their attacks, and they have more time to do so.

Google to block logins on old Android devices starting September
2021-07-30 12:59

Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 and lower. "As part of our ongoing efforts to keep our users safe, Google will no longer allow sign-in on Android devices that run Android 2.3.7 or lower starting September 27, 2021," Android Help Community Manager Zak Pollack explained.

Remote Code Execution Flaws Patched in WordPress Download Manager Plugin
2021-07-30 12:40

A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns. Tracked as CVE-2021-34639 and having a CVSS score of 7.5, the bug is an authenticated file upload issue that could have allowed attackers to upload files with php4 extensions, as well as files that could be executed if certain conditions were met.

PyPI packages caught stealing credit card numbers, Discord tokens
2021-07-30 12:18

The Python Package Index registry has removed several Python packages this week that were aimed at stealing users' credit card numbers and Discord tokens and at granting code execution capabilities to attackers. The malware steals credit card numbers, browser files, and Discord tokens.

Microsoft shares mitigation for recent Windows Server printing issues
2021-07-30 12:00

Microsoft has released temporary mitigation info for a known issue that might cause print and scan failures on multiple Windows Server versions after installing July 2021 security updates on domain controllers. If the known issue still appears on up-to-date devices, affected customers should contact the device manufacturer and ask for setting changes or updates to make the printer or scanner compliant with CVE-2021-33764 hardenings deployed via July Windows 10 security updates.

Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks
2021-07-30 11:57

Microsoft has shared more information on how organizations can protect Windows domain controllers and other Windows servers against potential PetitPotam attacks. PetitPotam is the name assigned to a vulnerability that can be exploited by an unauthenticated attacker to get a targeted server to connect to an arbitrary server and perform NTLM authentication.

Storing Encrypted Photos in Google’s Cloud
2021-07-30 11:34

Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user's credentials gives attackers unfettered access to all of the user's photos.

21-Year-Old Woman Pleads Guilty to Sending Phishing Emails to Political Candidates
2021-07-30 11:07

A 21-year-old Rhode Island woman has pleaded guilty to targeting candidates for political office and their campaign staff with phishing emails. The woman, Diana Lebeau, of Cranston, R.I., admitted in court to sending phishing emails to roughly 22 members of the campaign staff of a political candidate, posing as the campaign's managers or co-chairs.

S.Africa's Port Terminals Restored Following Cyber-Attack
2021-07-30 10:42

Operating systems have been restored at South Africa's state-owned logistics firm, the company said Thursday, following a cyber-attack last week that hit the country's key port terminals. The attack began on July 22 and lasted for days, forcing Transnet to switch to manual systems.

HTML smuggling is the latest cybercrime tactic you need to worry about
2021-07-30 10:00

Menlo shared the news along with its discovery of an HTML smuggling campaign it named ISOMorph, which uses the same technique the SolarWinds attackers used in their most recent spearphishing campaign. The ISOMorph attack uses HTML smuggling to drop its first stage on a victim's computer.