Security News > 2021 > September

Cisco has addressed a near-maximum severity authentication bypass vulnerability in its Enterprise NFV Infrastructure Software, for which public proof-of-concept exploit code exists. CVE-2021-34746 is caused by incomplete validation of user-supplied input passed to an authentication script during the sign-in process, which allows unauthenticated, remote attackers to log into an unpatched device as an administrator.

Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware. "We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents," Autodesk said in a recent 10-Q SEC filing.

Apple has unveiled the first eight states that will roll out digital IDs and driver's licenses on its mobile devices, despite critics' concerns that the introduction of purely digital forms of identification will raise privacy, security and equity issues. To assuage the security fears that come with storing people's identity on its devices, Apple asserts that state DLs and IDs stored in Wallet on iPhone and Apple Watch will "take full advantage of the privacy and security" built into the devices.

More details about a now-patched vulnerability in Comcast's XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency communications between the remote and the set-top box, effectively turning the remote into a surveillance device. The XR11 remotes are some of the most common around, with more than 18 million scattered across homes in the U.S. A man-in-the-middle attack conducted by researchers at Guardicore, dubbed "WarezTheRemote," allowed the team to listen in on conversations from up to 65 feet away.

Ransomware gangs may take advantage of upcoming holidays and weekends to hit US organizations, the FBI and CISA have warned. Using the recent Colonial Pipeline, JBS, and Kaseya ransomware attacks as examples - they happened in the lead-up to or during Mother's Day weekend, Memorial Day weekend and the Fourth of July holiday weekend, respectively - the agencies note that organizations should be aware of these new tactics and prepare to counter them.

Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it was slapped with a "colossal ransom demand" after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil.

It is vital to ensure passwords are not found in a breached password database, because breached password lists are used to crack the passwords behind the ticket material harvested by an AS-REP Roasting attack. Enforcing effective password policies and using a breached password protection solution for Active Directory is essential to ensure your environment is not vulnerable to Kerberos attacks such as AS-REP Roasting.
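The two controls the passage recommends can be checked in code. The following Python is an added example, not code from the original item or from any product it refers to: it flags accounts whose Kerberos pre-authentication is disabled (the userAccountControl bit 0x400000, which is what AS-REP Roasting depends on), and it screens candidate passwords against a breached-password list stored in the usual "uppercase SHA-1:count" line format. The account export and the breached-password entries are constructed for the demonstration.

```python
"""Defender-side checks for AS-REP Roasting exposure (added example).

  1. find accounts whose Kerberos pre-authentication is disabled, since those are
     the accounts for which AS-REP Roasting can obtain offline-crackable material;
  2. reject passwords that appear in a breached-password list, so captured
     material cannot be cracked by a simple list lookup.
All data below is constructed for the demonstration.
"""
import hashlib

# userAccountControl bit "Do not require Kerberos preauthentication"
# (UF_DONT_REQUIRE_PREAUTH, 0x400000).
UF_DONT_REQUIRE_PREAUTH = 0x400000

# Constructed sample of an AD export: 512 = NORMAL_ACCOUNT;
# 4194816 = 512 | 0x400000; 4260352 = 512 | 0x400000 | 0x10000 (DONT_EXPIRE_PASSWORD).
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_backup", "userAccountControl": 4194816},
    {"sAMAccountName": "jdoe", "userAccountControl": 512},
    {"sAMAccountName": "legacy_app", "userAccountControl": 4260352},
]

# Constructed breached passwords with made-up prevalence counts. Breached-password
# feeds are commonly distributed as "UPPERCASE_SHA1:COUNT" lines, so the same
# layout is rendered here to make the parser realistic.
CONSTRUCTED_BREACHED = [("Password1", 2400000), ("Summer2021!", 1800), ("Welcome123", 96000)]


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the lookup key used by such lists."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


BREACHED_LIST_TEXT = "\n".join(f"{sha1_upper(p)}:{n}" for p, n in CONSTRUCTED_BREACHED)


def accounts_without_preauth(accounts):
    """Return sAMAccountNames whose userAccountControl has the no-preauth bit set."""
    return [a["sAMAccountName"] for a in accounts
            if a["userAccountControl"] & UF_DONT_REQUIRE_PREAUTH]


def load_breached_index(text: str) -> dict:
    """Parse HASH:COUNT lines into {hash: count}; blank or malformed lines are skipped."""
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        digest, _, count = line.partition(":")
        if len(digest) == 40 and count.strip().isdigit():
            index[digest.upper()] = int(count)
    return index


def breach_count(password: str, index: dict) -> int:
    """Number of times the password was seen in breaches (0 if absent)."""
    return index.get(sha1_upper(password), 0)


def evaluate_password(password: str, index: dict, min_length: int = 14) -> list:
    """Return policy failures for a candidate password; an empty list means acceptable."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    n = breach_count(password, index)
    if n:
        failures.append(f"found in breached-password list ({n} occurrences)")
    return failures


if __name__ == "__main__":
    idx = load_breached_index(BREACHED_LIST_TEXT)
    print("accounts with pre-authentication disabled:", accounts_without_preauth(SAMPLE_ACCOUNTS))
    for pw in ("Password1", "correct-horse-battery-staple-2021"):
        print(pw, "->", evaluate_password(pw, idx) or "ok")
```

In a real deployment the account list would come from an LDAP query and the breached list from a downloaded feed; the hashing step stays the same, and passwords are only ever hashed at the moment a user sets them, never stored in clear.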

Cyber attacks against critical national infrastructure are escalating. The most frequently discussed aspect of critical infrastructure events is the availability impact: stopping or interrupting a process or an organization.

Are there compliance requirements I must meet, such as PCI HSM? Do my applications require a specific cryptographic interface, such as PKCS #11, Java, or Microsoft CNG? How many different applications in my ecosystem require HSMs? Can I use multitenancy or HSM virtualization to reduce my overall rack footprint and cost? Do my applications use public clouds such as AWS, Azure, or Google? If so, will a cloud HSM or cloud payment HSM meet my needs?

The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. "Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.