Security News > 2021 > September

Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. OpenSSL has been configured for wider compatibility, allowing the use of legacy protocols, meaning that Kali can now talk to older, legacy systems that use them.

Brits are too polite to tell phone scammers to "Get stuffed", "Take a hike" or "Sling yer 'ook" when they impersonate so-called "Trusted organisations" such as banks. That's according to the trade association UK Finance, which found that the number of "Impersonation scam cases" more than doubled in the first half of 2021 to 33,115 - up from 14,947 during the same period last year.

Google has addressed two zero-day security bugs that are being actively exploited in the wild. Google is restricting any technical details "Until a majority of users are updated with a fix," it said.

An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus on victims' computers to evade detection. According to Microsoft's stats, Microsoft Defender Antivirus is the anti-malware solution pre-installed on more than 1 billion systems running Windows 10.

Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. A five-year longitudinal study found that nearly one out of every two on-premises databases globally - 46 percent - is vulnerable to attack, given that it has at least one unpatched vulnerability.

A former Army reservist was just sentenced to 46 months in prison and ordered to pay nearly $2 million in penalties and restitution, after pleading guilty to scamming dozens of people online, including the elderly and a veteran's organization for Marines. "Among the many victims of the internet scams facilitated by Joseph Asan Jr. were elderly women and men who were callously fooled into believing they were engaging online with potential romantic interests," Manhattan U.S. Attorney Audrey Strauss said.

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac. Apple has pushed out an update for most of its major products to protect them from a strain of spyware that has already targeted a number of people.

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.

Japanese technology giant Olympus is currently investigating a cyber incident on its EMEA IT systems that happened earlier this month that sources said is the result of a BlackMatter ransomware attack. It appears Olympus was the victim of the BlackMatter ransomware group, one of the cybercriminal organizations that's risen to prominence after other purveyors of ransomware like DarkSide, REvil and Ragnarok shut down operations, according to a report in TechCrunch.

Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions. The security flaw was found in a driver used by the OMEN Gaming Hub software that comes pre-installed on all HP OMEN desktops and laptops.