Security News > 2021

Their most recent socially engineered messages try to convince users to download their fake version of TikTok by saying the app, which is banned in India, is now available, the report found. Threat actors blast out an SMS or WhatsApp message to numbers on the Jio network with the phishing lure message and a link to take advantage of the fraudulent offer, the report showed.

Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The three Cisco router models and one VPN firewall device are of varying age and have reached "End of life" and will not be patched, according to Cisco.

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.

The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers. IcedID, bears similarities to Emotet in that it's a modular malware that started life as a banking trojan used to steal financial information.

The hacking spree targeting underground marketplaces has claimed another victim as a database from card shop Swarmshop emerged on another forum. By the looks of it, the leak contains the records of the entire Swarmshop community along with all the stolen card data traded on the forum.

Like most things concerning cybersecurity, zero trust has a good side, a bad side and an ugly side. In his TechRepublic article, 5 tips for implementing a zero trust model, Lance Whitney offers how-to information on setting up and enforcing zero trust.

In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of "Hiring a hitman on the dark web". No victim targeted for murder via the dark web is ever going to take much comfort in the fact that their proposed assassin "Might not have been real."

Cisco this week announced patches for tens of vulnerabilities across its product portfolio, including a critical severity issue impacting the SD-WAN vManage software. Tracked as CVE-2021-1479 with a CVSS score of 9.8, the critical bug exists because of improper validation of user-supplied input and could allow an attacker to trigger a buffer overflow by sending a crafted connection request to the remote management component of SD-WAN vManage.

NEWS ANALYSIS: Google's decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development. Just 13 years after Google introduced the sandbox in Chrome touting "a new approach in browser security," the company is now blaming the limitations - and high processing cost - of sandboxing for a new decision to promote Rust as the low-level programming language of choice for the Android operating system.