Security News

In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency that hackers could be targeting satellite communications networks in general.

CISA and the FBI said today they're aware of "Possible threats" to satellite communication networks in the US and worldwide. Today's security advisory also warned US critical infrastructure organizations of risks to SATCOM providers' customers following network breaches.

Veeam Software has patched two critical vulnerabilities affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code.Veeam Backup & Replication is an enteprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.

Companies critical to U.S. national interests will now have to report when they're hacked or they pay ransomware, according to new rules approved by Congress. The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon.

In this interview with Help Net Security, Michael Johnson, Board of Directors at Safe Security, talks about the importance of critical infrastructure security, why attacks on critical infrastructure are particularly worrying, and what can be done to thwart these threats. Our way of life could be impacted by a capable attack on critical infrastructure.

Singapore's Cyber Security Group, an agency charged with securing the nation's cyberspace, has uncovered four critical flaws in code from network software company Riverbed. The vulnerable application is SteelCentral AppInternals, formerly referred to as AppInternals Xpert, provided by Riverbed's Aternity division.

The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate across the full stack set at 60 days. High rates of "Known" vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

It's worth pointing out that Microsoft separately addressed 21 flaws in the Chromium-based Microsoft Edge browser earlier this month. All the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions, Microsoft Exchange Server, and VP9 Video Extensions.

Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture. More specifically, 2021 has seen a growth of 150% in the reported vulnerabilities compared to the previous year, while 29% of the critical flaws in WordPress plugins never received a security update.

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click attack, with two of the issues involving a case of faulty TLS handshake between the UPS and the APC cloud -.