Security News
ACI Worldwide announced that Amanda Mickleburgh, product director for Merchant Fraud, has been appointed to the European Advisory Board of the Merchant Risk Council, a global membership organization connecting eCommerce fraud and payments professionals. Since joining ACI in 2007, she has held various strategic roles, with a focus on eCommerce fraud prevention.
The U.S. Cybersecurity and Infrastructure Security Agency this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities. The vulnerabilities, reported to Fuji Electric by various researchers through Trend Micro's Zero Day Initiative and CISA, have been described as buffer overflow, out-of-bounds read/write and uninitialized pointer issues that can be exploited for arbitrary code execution.
SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform. After analyzing the SolarWinds breach, both Palo Alto Networks Unit 42 and Microsoft reported on an additional piece of malware, named SuperNova, distributed using the App Web logoimagehandler.
Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. A low-level TCP/IP software library, the Treck TCP/IP stack is specifically designed for embedded systems, featuring small critical sections and a small code footprint.
Kudelski Security announced the launch of a new focus on quantum security, including expanded research and advisory services that enable security leaders and product and system developers to align their long-term approach to risk and data protection to the era of quantum computing. The global quantum practice for Kudelski Security is led by Dr. Tommaso Gagliardoni, who brings extensive expertise in academic and applied research in the fields of cryptography, quantum computing, and advanced mathematics.
Cymatic announced that Stuart McClure, founder and former chief executive of AI security firm Cylance, has been named to the Cymatic advisory board. Stuart's security and technology expertise will provide Cymatic with technical guidance and market leadership to ensure the success and relevance of its all-in-one client-side WAF CymaticONE + VADR. Stuart is widely recognized for his achievements in applying machine learning and artificial intelligence to endpoint protection and defense.
Storage solutions provider QNAP this week published an advisory to warn customers that certain versions of QTS, the operating system for its network-attached storage devices, are affected by the Zerologon vulnerability. "If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking," the company explains.
The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
Wickr announced the launch of its Federal Advisory Board to provide strategic guidance on the company's federal strategy to connect end users with secure collaboration for mission-critical needs. The Federal Advisory Board will be vital in supporting Wickr's federal strategy, capitalizing on its recent growth - including a multi-million-dollar contract award with the Air Force special operations community - by providing external guidance, expertise and strategy on how to bring the world's most secure collaboration tool to federal departments.
Michael Breslin, Strategic Client Relations director for Federal Law Enforcement at LexisNexis Risk Solutions, has been selected by the U.S. Secret Service from a small group of private sector executives, government officials and academic experts to advise the agency's investigations team on how it can better use technology to get ahead of criminals. The newly formed 16-member Cyber Investigations Advisory Board will provide the Secret Service's Office of Investigations with outside strategic input for the agency's investigative mission, including insights on the latest trends in cybercrime, financial crime, technology, and investigative techniques.