
Half of Q1's malware traffic observed by Sophos was TLS encrypted, hiding inside legit requests to legit services
2021-04-21 13:32

British infosec biz Sophos reckons just under half of the malware traffic it saw in the wild during the opening three months of 2021 was using Transport Layer Security to encrypt both its command-and-control traffic and its data exfiltration. Sophos was open about this figure covering only traffic it observed, so the true worldwide share of TLS-encrypted malware traffic could differ.

Swiss Army Knife for Information Security: What Is Comprehensive Protection?
2021-04-21 13:00

Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots. Once I even "caught" a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading confidential information as virtual-machine images.

Hackers found leveraging three SonicWall zero-day vulnerabilities
2021-04-21 12:36

Attackers that seem to have "intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution. Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.

Over 580 WordPress Vulnerabilities Disclosed in 2020: Report
2021-04-21 12:26

More than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of them impact third-party plugins and themes rather than the WordPress core, according to a new report from website security company Patchstack. The report is based on data from Patchstack's WordPress vulnerability database, which includes information collected by the company's internal research team and its bug bounty community, by third-party cybersecurity vendors, and by independent security researchers.

Oracle Delivers 390 Security Fixes With April 2021 CPU
2021-04-21 12:02

Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update, including patches for more than 200 bugs that could be exploited remotely without authentication. The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10.

Novel Email-Based Campaign Targets Bloomberg Clients with RATs
2021-04-21 12:00

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans to a very specific group of targets who use Bloomberg's industry-based services. Researchers have been tracking the email-based campaign since Fajan first commenced activity in March, recovering a "relatively low volume" of samples that make it tricky to determine "whether the campaigns are carefully targeted or mass-spammed," according to a report posted online Wednesday.

EU Unveils AI Rules to Tackle Big Brother Fears
2021-04-21 11:58

The EU unveiled a plan Wednesday to regulate the sprawling field of artificial intelligence, aimed at helping Europe catch up in the new tech revolution while curbing the threat of Big Brother-like abuses. There have been competing concerns over the plans from both big tech and civil liberties groups arguing that the EU is either overreaching or not going far enough.

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances
2021-04-21 10:43

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild. "The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
2021-04-21 10:42

If a Pulse Connect Secure gateway is part of your organization's network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability that is currently being exploited in the wild and for which no patch is available yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere, leveraging critical vulnerabilities in Pulse Secure VPN devices to circumvent multi-factor authentication protections and breach enterprise networks.

Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)
2021-04-21 09:45

Attackers have been exploiting several old vulnerabilities and one zero-day vulnerability affecting Pulse Connect Secure VPN devices to breach a variety of defense, government, and financial organizations around the world, Mandiant/FireEye warned on Tuesday. Phil Richards, the Chief Security Officer at Ivanti - the company that acquired Pulse Secure in late 2020 - said that the zero-day vulnerability "impacted a very limited number of customers," and that the software updates plugging the flaw will be released in early May. In the meantime, they have offered some workarounds that can mitigate the risk of exploitation of that particular vulnerability, as well as a tool that can help defenders check whether their systems have been affected.