Security News
VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. CVE-2021-21998 is the second time VMware is addressing an authentication bypass issue in its Carbon Black endpoint security software.
A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.
A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product. During an internal security review, Palo Alto Networks discovered that its Cortex XSOAR security orchestration, automation and response platform is affected by an improper authorization issue.
A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting their data, services, and business continuity.
SEMPRE provides military-grade 5G and high-performance edge computing infrastructure for telecom operators, first responders, government and enterprise customers. SEMPRE accelerates the transition towards decentralized digital infrastructure by leveraging distributed edge computing optimized for artificial intelligence - making its customers' networks stronger and reducing data transport, while providing them with new revenue opportunities.
As recent ransomware and cyberattacks are highlighting the potential impact of data loss to critical infrastructure, Veeam is strengthening its commitment to deliver Modern Data Protection to the U.S. government with additional industry resources. With more than 1,200 government customers, VGS is focused on the backup and protection of mission-critical data for the U.S. Department of Defense, Civilian Agencies, Native American Tribes, the Intelligence Community and Federal System Integrators.
The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit that could be abused by an adversary to gain improper access to audio and video streams. ThroughTek's point-to-point SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.
A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical U.S. entities. The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to U.S. critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations.
Cyborg Security unveiled new capabilities within the HUNTER content platform. These capabilities are designed to defend against rapidly evolving threats, including growing attacks on critical infrastructure and supply chains, while reducing Mean-Time-to-Deployment of threat hunting and detection content.
German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day. SAP NetWeaver received the largest number of patches with a total of 10 security notes documenting and resolving vulnerabilities.