
ColorTokens appoints Rajesh Khazanchi as CEO
2021-04-13 22:30

ColorTokens announced co-founder Rajesh Khazanchi has been appointed Chief Executive Officer. Rajesh is an experienced leader with a strong track record of developing and delivering innovative products.

Mufti Monim joins PCI Pal as CTO
2021-04-13 22:15

PCI Pal announced the appointment of Mufti Monim as Chief Technology Officer to direct the strategic technical vision for the company. Mufti joins PCI Pal from Deko, the retail finance cloud technology provider where, as CTO, he led the product and engineering teams, developing a market-leading platform used by more than 1700 merchants and processing more than 2 million credit applications, worth in excess of £2bn. Prior to working at Deko, Mufti was Head of Technology at Lebara Money, where he created an international money transfer platform, achieving £100 million worth of transfers within its first 12 months of operation.

CISA gives federal agencies until Friday to patch Exchange servers
2021-04-13 21:59

The US Cybersecurity and Infrastructure Security Agency has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities allow remote code execution, and two of them do not require attackers to authenticate first.

How the NAME:WRECK Bugs Impact Consumers, Businesses
2021-04-13 21:03

Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones and aircraft navigation systems to industrial internet of things endpoints are vulnerable to either a denial-of-service or remote code-execution attack, according to a joint report by Forescout Research Labs and JSOF Research Labs. NAME:WRECK is similar to previous TCP/IP-DNS bugs that illustrate the complexity of the DNS protocol "that tends to yield vulnerable implementations," where bugs can often be leveraged by external attackers to take control of millions of devices simultaneously, researchers said.

1Password targets developers with Secrets Automation, acquisition of SecretHub
2021-04-13 20:53

Password specialist 1Password has acquired SecretHub, a secrets management platform aimed at IT engineers, and made a new service called Secrets Automation, previously in beta, generally available. Secrets Automation uses a Connect Server, delivered as a Docker container, which users deploy in their environment.

COVID-Related Threats, PowerShell Attacks Lead Malware Surge
2021-04-13 20:24

Surging numbers of COVID-themed attacks and PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware, were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee said averaged 588 attacks per minute within its telemetry during Q3 and Q4 of 2020. Researchers observed an average of 648 threats per minute in Q4 in the wild, an increase of 10 percent over the third quarter, a continued upward trend from the 40 percent jump compared to Q2 2020, McAfee's latest threat report said.

Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange
2021-04-13 20:05

The Cloud Security Alliance has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange security. Drafted by CSA's Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersecurity professionals on the pros and cons of further securing cryptocurrency exchanges, including both Decentralized Exchanges and hosted wallets at cloud-based exchanges, OTC desks, and cryptocurrency swap services.

NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches
2021-04-13 19:47

April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post.

Swedish Sports Body Hacked by Russians, Officials Say
2021-04-13 19:34

The organization that oversees Sweden's national sports federations was hacked by Russian military intelligence in 2017-18, officials said Tuesday, in a data-breaching campaign that also affected some of the world's leading sporting bodies, including FIFA and the World Anti-Doping Agency. Swedish prosecutors said the "repeated and comprehensive breaches" of the Swedish Sports Confederation by GRU resulted in athletes' personal details, such as medical records, being accessed and that information being published by Swedish media.

NSA discovers critical Exchange Server vulnerabilities, patch now
2021-04-13 19:15

Microsoft today released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. The flaws affect on-premise Exchange Server versions 2013 through 2019, and while there is no evidence of them being exploited in the wild, Microsoft assesses that threat actors are likely to leverage them as soon as they create an exploit.