Security News > 2021

Intel to Speak at SecurityWeek Supply Chain Security Summit on March 10th
2021-03-09 14:37

Join Intel on Wednesday, March 10, at SecurityWeek's Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel's experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.

Security bug hunters focus on misconfigured services, earn big rewards
2021-03-09 14:36

An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. As Kottmann told BleepingComputer on more than one occasion, most of the repositories had been copied because of misconfigured resources that allowed easy access.

How the SolarWinds attack may affect your organization's cybersecurity
2021-03-09 14:00

The SolarWinds breach has affected a host of government agencies and organizations around the world with a sophisticated attack that exploited vulnerabilities in the Orion network management software. Whether or not your organization was directly affected, your cybersecurity posture may shift as a result of the attack.

European Banking Authority restores email service in wake of Microsoft Exchange hack
2021-03-09 13:58

The European Banking Authority has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants.

Microsoft releases ProxyLogon updates for unsupported Exchange Servers
2021-03-09 13:01

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original March 2021 security patches released a week ago, and only if the admin can't find an update path to a supported version.

On Not Fixing Old Vulnerabilities
2021-03-09 12:16

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent...

GitHub Informs Users of 'Potentially Serious' Authentication Bug
2021-03-09 11:58

GitHub on Monday informed users that it had discovered what it described as an "extremely rare, but potentially serious" security bug related to how some authenticated sessions were handled. A second patch was released on March 8 and on the evening of the same day the company decided to invalidate all authenticated sessions to completely eliminate the possibility of exploitation.

So it appears some of you really don't want us to use the word 'hacker' when we really mean 'criminal'
2021-03-09 11:00

Last week, we argued over whether or not the media, including El Reg, should stop using the word hacker as a pejorative. The original meaning of hacker and hacking, in the context of computing, didn't denote criminality nor ill-intent, and referred to an avoidance of a standard solution.

(ISC)² 2021 Security Congress to focus on cybersecurity challenges across regions
2021-03-09 09:57

(ISC)² announced a global call for speakers for its 11th annual (ISC)² Security Congress conference, which will take place this year from October 18-20. Submissions will be accepted until April 19 at 11:59 p.m. PST. Geared toward a global audience, the conference focuses on cybersecurity challenges across many regions and provides best-practice sharing, continuing education and networking opportunities for information security professionals.

Flaws in Apple Location Tracking System Could Lead to User Identification
2021-03-09 09:40

Vulnerabilities identified in offline finding - Apple's proprietary crowd-sourced location tracking system - could be abused for user identification, researchers said in a report released this month. With "hundreds of millions" of devices part of Apple's OF network, this represents the largest crowd-sourced location tracking system in the world, one that is expected to grow even further, as support for non-Apple devices is added to it.