Security News > 2021

Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations. Palfinger is a leading maker of crane and lifting solutions commonly used for construction, and land and sea lifting, loading, and handling solutions.

ProtonVPN is working on fixing a bug causing Windows blue screen crashes affecting customers using the latest versions of the company's Windows client software. "We have received reports that in particular circumstances the latest versions of ProtonVPN Windows clients might lead to Blue Screen crashes in Windows, due to a conflict with certain antiviruses," ProtonVPN said.

The Australian Securities and Investments Commission has admitted one of its servers was accessed without sanction and may have been digitally pawed by miscreants. The attack involved a server containing documents associated with Australian credit applications and the commission warned that "Some limited information may have been viewed by the threat actor." ASIC was at pains to add that it hadn't seen evidence of the forms and attachments being opened or downloaded.

A cross-site request forgery vulnerability in the Cisco Digital Network Architecture Center could open enterprise users to remote attack and takeover. The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized network-management and orchestration platform for Cisco DNA. It carries a CVSS vulnerability-severity score of 7.1, making it high-severity.

Learn how to use the Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment. The collection of tools listed here may be used as standalone tools or in conjunction with other tools and kits to provide a broad or granular landscape of a particular system or the entire network of hosts.

UPDATE. SonicWall said a zero-day in its SMA 100 series 10.x code was targeted by "Highly-sophisticated" attackers. "On Sunday, January 31, 2021, the NCC Group alerted the SonicWall Product Security Incident Response Team about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code," said SonicWall in an updated statement.

The Australian Securities and Investments Commission has revealed that one of its servers has been accessed by an unknown threat actor following a security breach. ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well with consumer protection as Australia's national corporate regulator.

A ransomware gang continues to taunt Windows software developer IObit by hacking its forums to display a ransom demand. On January 16th, the IObit forums were hacked as part of an attack to distribute the DeroHE ransomware.

Matt Kunkel: The biggest challenge for quantifying and prioritizing risk is data. 2020 got the attention of executives on risk management, the challenge for risk professionals in 2021 is what will they do with it.

Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised. Over the weekend, the company started informing users of a data breach that may have resulted in their personal information being stolen.