Security News > 2021

The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. Php.net server," developer Nikita Popov explained in a message sent out through one of the project's mailing lists.

Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. According to Apple, the flaw allows for the creation of "Maliciously crafted web content," which "May lead to universal cross-site scripting." Apple has heard that the code snafu "May have been actively exploited."

The non-fungible bit merely means it's not the same as other NFTs so can't be considered as their equivalent nor traded as such. There is a single nugget of magic in NFT: authenticity.

As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. TBox is an "All-in-one" solution for automation and control systems for supervisory control and data acquisition applications, with its telemetry software used for remote control and monitoring of assets in a number of critical infrastructure sectors, such as water, power, oil and gas, transportation, and process industries.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.

The last year has probably seen a chunk of your workforce shift to home, negating any concept of an easily defensible corporate "Perimeter" around your systems and data. Probably, have more data than ever before to worry about, as your business increasingly relies on analytics and AI. But where is that data? In a data centre? Somewhere in the cloud? On your workers' home networks and devices?

McAfee announced the general availability of McAfee MVISION Cloud Native Application Protection Platform, a new security service designed to secure cloud native applications. McAfee MVISION CNAPP is the industry's first platform that brings application and data context to converge Cloud Security Posture Management for public cloud infrastructure, and Cloud Workload Protection Platform to protect applications distributed across virtual machines, compute instances and containers.

Businesses who change risky employee behavior methodically and effectively through personalized, timely, and relevant learning will see an improvement to their overall security posture and a reduction in the number of security incidents. It stands to reason that the training and coaching offered to employees needs to meet the same level of personalization in order to effectively combat these threats and change risky habits and behaviors over time.

To select a suitable bot protection solution for your business, you need to think about a variety of factors. A successful bot mitigation solution has to be effective immediately, stopping new bots and never seen before attack methods.

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.