Security News > 2021 > July

Burgoon joined Fusion's Executive Leadership Team and is responsible for talent management, succession planning, organizational and performance management, diversity, and inclusion, and learning and development. Burgoon will report directly to Fusion's CEO, Mike Campbell.

McAfee Enterprise and FCN announced they have been awarded a contract from the U.S. Department of Veterans Affairs to provide several cybersecurity solutions. Under the five-year, $281 million contract, VA and the Veterans they serve will be protected by McAfee Enterprise's MVISION Endpoint Security, Data Loss Prevention Endpoint, and MVISION EDR. "As the administration's recent Executive Order on Improving the Nation's Cybersecurity emphasizes, our federal agencies need to move toward cybersecurity that is proactive rather than reactive, and VA is leading the way with these solutions," said Rob Lalumondier, Senior Director of Federal Civilian at McAfee Enterprise.

Microsoft has released the optional KB5004296 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes Windows 10 gaming issues that have been plaguing users since March. Windows users can install this update by going into Settings, clicking on Windows Update, and selecting 'Check for Updates.

Microsoft has released the optional KB5004296 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes Windows 10 gaming issues that have been plaguing users since March. Windows users can install this update by going into Settings, clicking on Windows Update, and selecting 'Check for Updates.

A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database. "During the searches, investigators found the downloaded photos from a database in the person's possession, along with the names and personal identification codes of the people," Oskar Gross, head of the police's cybercrime unit, said.

Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects - EspoCRM, Pimcore, and Akaunting - that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor S?dkowski of Nokia and Trevor Christiansen of Rapid7 noted.

Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.

In a perfect world, CISA would laminate cards with the year's top 30 vulnerabilities: You could whip it out and ask a business if they've bandaged these specific wounds before you hand over your cash. According to the advisory, attackers are unlikely to stop coming after geriatric vulnerabilities, including CVE-2017-11882: a Microsoft Office remote code execution bug that was already near drinking age when it was patched at the age of 17 in 2017.

SSH holds fingerprints of your remote machines in the known hosts file. The SSH known hosts file contains fingerprints of the known machines you've logged into.

Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the "Fix list," and even by Apple's brisk and efficient bug-listing standards, the information published was thin. All we know is that Apple says that it "Is aware of a report that this issue may have been actively exploited".