Security News > 2021

Backdoor Found in Codecov Bash Uploader
2021-04-21 16:12

'To observe the outputs of the two black boxes for a finite time and make a pronouncement of if the boxes contain a random generator or a deterministic generator. 2, The first is not, the second is. 3, The first is, the second is not. 4, Both are random.

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday
2021-04-21 15:53

The US Cybersecurity and Infrastructure Security Agency has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure VPN appliances on their networks by Friday. CISA issued the Emergency Directive 21-03 Tuesday after Pulse Secure confirmed a FireEye report saying that at least two state-backed threat groups exploited the bug to breach government and defense organizations in the US and across the globe.

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
2021-04-21 15:35

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted.

Logins for 1.3 million Windows RDP servers collected from hacker market
2021-04-21 15:15

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. Due to its prevalent use in corporate networks, cybercriminals have built a thriving economy around selling the stolen credentials for RDP servers.

UK.gov wants mobile makers to declare death dates for their new devices from launch
2021-04-21 15:05

Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport vowed this morning. Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.

WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts
2021-04-21 14:33

WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent.

SaaS Application Security Firm AppOmni Raises $40 Million
2021-04-21 14:25

SaaS security management company AppOmni on Wednesday announced that it has raised $40 million in a Series B funding round, which brings its total funding to more than $53 million. AppOmni's solutions scan APIs, security controls and configurations associated with SaaS applications, enabling organizations to evaluate their security posture and improve it.

Facebook leaks strategy to numb reaction to data scraping incidents
2021-04-21 14:02

Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. The data also contained private phone numbers collected because of a vulnerability that Facebook fixed in August 2019, the company told BleepingComputer.

Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps
2021-04-21 13:46

A remote code execution vulnerability identified on the central CocoaPods server could have allowed an attacker to poison any package download, security researcher Max Justicz reveals. A dependency manager for Swift and Objective-C Cocoa projects, CocoaPods has more than 82,000 libraries and is being used in over 3 million applications.

Take this culture quiz to see if your users trust your cybersecurity training and team
2021-04-21 13:41

Security company Infosec is taking a different approach by measuring a company's security culture. Jack Koziol, Infosec CEO and founder, said a company's cybersecurity culture offers unique insight into the effectiveness of security awareness training.