Security News > 2021 > September

Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as CVE-2021-40847, the security weakness impacts the following models -.

Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited. It's a nasty flaw, as it's in the XNU kernel at the heart of Apple's operating systems including macOS and iOS. As Apple's advisory explains, that means "A malicious application may be able to execute arbitrary code with kernel privileges".

There is currently a shift in the marketplace, as DRaaS providers are increasingly interested in delivering their DRaaS solutions in hyper-scale cloud environments such as AWS or Azure, and not just in hosted environments in data centers. There is only one DRaaS provider with such a targeted offering, but more providers will soon have solutions available.

The Biden administration, in addition to using its convening power to cajole big tech to invest more in cybersecurity, also issued an Executive Order in May that sought to leverage the Federal government's purchasing power to drive greater software security. The most visible implementation action so far has been the guidance on security measures for federal agency use of critical software developed by NIST. While not groundbreaking in substance - the guidance amounts to an index of best practices citing previous federal advisories - the list will help federal agency CIOs ensure they have addressed key software supply chain risks.

The need to remain competitive and cater to increased user demands has prompted a 15% jump to 37% of companies saying they plan to move business-critical applications to the cloud in 2020-21, compared to the previous year. Despite security concerns, IT infrastructure is being moved to the cloud.

Enterprises worldwide continue to migrate from proprietary, licensed software to software-as-a-service subscriptions as they seek innovation, better user experience and lower cost, according to a report published by Information Services Group. The report on the global market finds enterprise SaaS demand rebounding from a slowdown caused by the COVID-19 crisis.

The global server market size is expected to reach $145.31 billion by 2028, according to ResearchAndMarkets. Such developments are expected to cause an increase in the average selling prices of servers, which is expected to subsequently benefit the market growth.

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service condition on vulnerable devices. The most severe of the issues is CVE-2021-34770, which Cisco calls a "Logic error" that occurs during the processing of CAPWAP packets that enable a central wireless Controller to manage a group of wireless access points.

A day after news broke about REvil having screwed their own affiliates out of ransomware payments - by using double chats and a backdoor that let REvil operators hijack ransom payments - those affiliates took to the top Russian-language hacking forum to renew their demands for REvil to fork over their pilfered share of ransom payments. REvil leadership was supposed to pocket the remaining 30 percent - and only that much - of ransom payments, in exchange for providing the ransomware payload that the affiliates use to seize control of victims' data and systems.

If you've already listened to this week's Naked Security Podcast you'll know that we had finally concluded that iOS 12, the version before the version before the latest-and-greatest iOS 15, which arrived this Monday. So when iOS 14 got updated in the last couple of patch cycles, but iOS 12 didn't, we couldn't tell whether it was still safe and didn't need the patches, whether it needed the patches but they'd be a bit late, or whether it needed the patches but would never get them.