Security News > 2021 > August

The maintainers of Python Package Index last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the Homebrew Cask repository and Cloudflare's CDNJS library.

Retailers have not only had to contend with the business disruption resulting from the COVID-19 pandemic, but they have also experienced increased security risks in the work-from-anywhere environment that has accelerated their transition to the cloud, according to independent research conducted by Pulse. The majority of respondents are in alignment that achieving zero trust, reducing cost and complexity, and enabling a predictable user experience are the forces driving their network security posture in 2022.

NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar. Dubbed "Solarmarker," the malware campaign is believed to be active since September 2020, with telemetry data pointing to malicious actions as early as April 2020, according to Cisco Talos.

Nearly two-thirds of network managers, network architects, and network engineers said their organizations have hired dedicated network automation engineers to transition to network operations. NetOps 2.0, the current iteration, embeds a growing amount of automation, virtualisation, and orchestration to improve the speed and accessibility of networking operations.

Today, most companies rely on manual processes and good intentions to ensure proper SaaS security management, but that is not enough. The AppOmni SaaS Security Management platform, which offers a full suite of SaaS security posture, protection, and monitoring capabilities, covers the most widely adopted and business-critical SaaS applications on the market including Salesforce, ServiceNow, Microsoft 365, Microsoft Teams, GitHub, Workday, Box, Slack, and Zoom.

Confidence that quantum computers will solve major problems that are beyond the reach of traditional computers-a milestone known as quantum advantage-has grown fast in the past twelve months, according to a new report by Boston Consulting Group. Investors are moving aggressively to increase the amount they allocate to quantum computing, with two-thirds of all equity investments in the field coming since 2018.

Moving from one cloud to another cloud is too much hassle, main pain points in cloud migration are implementation, downtime, teams struggle and fear of data loss. To ease the process and mitigate the risk of data loss, SysTools has introduced SysTools Cloud Migration Service and it gives smooth and frictionless data migration experience to SysTools customers.

DSM SaaS provides the complete proven capabilities of the Fortanix on-premises solution and is the multicloud data security solution certified to the rigorous FIPS 140-2 Level 3 standard. Available immediately on demand, DSM SaaS is a path for organizations to achieve the highest levels of data security for public cloud, SaaS, hybrid cloud, and on-premises applications.

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number.

5G technology requires time sources to be synchronized throughout a packet-switched network ten times more accurately than 4G requirements. "Our newest ZL3073x/63x/64x network synchronization platform implements sophisticated measure, calibrate and tune capabilities, thereby significantly reducing network equipment time error to meet the most stringent 5G requirements," said Rami Kanama, vice president of Microchip's timing and communications business unit.