Security News > 2021

Gary Reinersman joins Cloud 9 as CTO
2021-03-25 23:05

Cloud 9 announces the appointment of Gary Reinersman as the new Chief Technology Officer. With over 30 years of experience in building and deploying enterprise software solutions, Gary joins Cloud 9 Software with the overall responsibility of integrated product delivery.

Cloudflare Page Shield: Early warning system for malicious scripts
2021-03-25 22:26

Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. A typical attack of this kind introduces malicious JavaScript onto a website to redirect visitors to malicious sites, display phishing forms, exploit vulnerabilities, and steal submitted payment information.

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
2021-03-25 22:07

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion network monitoring tool with fixes for four security vulnerabilities, including two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution. Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the test alert actions feature available in the Orion Web Console, which lets users simulate network events that can be configured to trigger an alert during setup.

Fleeceware Apps Bank $400M in Revenue
2021-03-25 21:28

About 204 different "fleeceware" applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to "test" the app, before commencing automatic payments that can be exorbitant.

Windows 10 ISO installs may fail to replace Microsoft Edge Legacy
2021-03-25 21:23

Microsoft has addressed a known issue causing the new Microsoft Edge web browser not to install from custom Windows 10 installation media including updates released on Thursday, March 25. Microsoft Edge Legacy is also being removed if using Windows 10 install media bundling the KB5000850 non-security release preview update for Windows 10 1909 and Windows Server 1909.

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems
2021-03-25 20:48

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service condition," the networking major said in an advisory. In order to do this, an attacker needs to be authenticated to an Extensible Messaging and Presence Protocol server running the vulnerable software, as well as be able to send XMPP messages.

OpenSSL shuts down two high-severity bugs: Flaws enable cert shenanigans, denial-of-service attacks
2021-03-25 20:28

Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security and Secure Sockets Layer protocols, which support encrypted network connections. "In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose," the OpenSSL advisory explains.

Microsoft Offers Up To $30K For Teams Bugs
2021-03-25 20:04

Microsoft wants to send the message that the company is serious about the security of its popular Teams desktop application, and it's willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data.

Report: 40% of SaaS application users have lost data
2021-03-25 19:34

Forty percent of people have lost data stored in their online tools, according to the findings from a recent survey of Software-as-a-Service users across a mix of industries by cloud backup provider Rewind. The company is encouraging businesses of all sizes to assess their current cloud data protection initiatives and have comprehensive backups in place for primary business applications ahead of World Backup Day on March 31.

S3 Ep25: Drained accounts, ransomware attacks and Linux badware [Podcast]
2021-03-25 19:29

How a social engineer ripped off a victim lured in by one of those "small outstanding fee to pay" home delivery scams. The ransomware crooks targeting networks that still haven't done their Hafnium patches.