
Revealed: How to steal money from victims' contactless Apple Pay wallets
2021-09-30 23:38

Apple's digital wallet Apple Pay will pay whatever amount is demanded of it, without authorization, if configured for transit mode with a Visa card, and exposed to a hostile contactless reader. Boffins at the University of Birmingham and the University of Surrey in England have managed to find a way to remove the contactless payment limit on iPhones with Apple Pay and Visa cards if "Express Transit" mode has been enabled.

Google Emergency Update Fixes Two Chrome Zero Days
2021-09-30 22:38

Google has pushed out an emergency Chrome update to fix yet another pair of zero days - the second pair this month - that are being exploited in the wild. On Thursday evening, the web Goliath released the Chrome 94.0.4606.71 stable channel release for Windows, Mac and Linux to fix the two zero-days, which were included in an update with a total of four security fixes.

Windows 10 KB5005611 update fixes Microsoft Outlook issues
2021-09-30 22:04

Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability. This cumulative update is part of Microsoft's September 2021 monthly "C" update, allowing Windows users to test the upcoming fixes before they are automatically deployed in the forthcoming October 2021 Patch Tuesday.

QNAP fixes bug that let attackers run malicious commands remotely
2021-09-30 20:56

Taiwan-based network-attached storage maker QNAP has released security patches for multiple vulnerabilities that could allow attackers to inject and execute malicious code and commands remotely on vulnerable NAS devices. Three of the security flaws fixed today by QNAP are high-severity stored cross-site scripting vulnerabilities affecting devices running unpatched Photo Station software.

Google pushes emergency Chrome update to fix two zero-days
2021-09-30 20:25

Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers. "Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild," Google disclosed in the list of security fixes fixed in today's Google Chrome release.

Military’s RFID Tracking of Guns May Endanger Troops
2021-09-30 19:32

Reports that the military has started outfitting firearms with RFID tags for tracking have raised security alarms. The Department of Defense, the Marines and the Navy have already rejected the RFID tagging tech for that specific reason, according to the AP. However, five Air Force bases are operating at least one RFID armory, along with a Florida-based Green Beret unit that uses RFID in what officials said were a "few" armories.

Fake Amnesty International Pegasus scanner used to infect Windows
2021-09-30 19:32

Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a lesser-known remote access tool called Sarwent. The malware looks and acts the part of a legitimate antivirus solution specially created to scan the system for traces of Pegasus and to remove them.

How to install the Nessus vulnerability scanner on Rocky Linux
2021-09-30 19:05

If you're looking for one of the best vulnerability scanners on the market, Nessus might be the ticket. Nessus is a very popular vulnerability scanner used by tens of thousands of organizations across the globe.

Ransomware crim: Yeah, what I do is bad. No, I don't care. Yes, infosec bods are all mouth and no trousers
2021-09-30 19:00

Someone claiming to be a former contractor for the REvil ransomware gang has given an interview to a security firm, saying he struggles to sleep at night but isn't ashamed of what he does. "In the normal world, I was called a contractor - doing some tasks for many ransomware collectives that journalists consider to be famous," said the threat actor, using the handle Antivirus.

S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]
2021-09-30 18:49

Guess what? iOS 12 wasn't dead, it was just resting. Researchers rediscover an Outlook data leakage issue.