Security News

Concern around protecting critical national infrastructure is growing. Critical national infrastructure has become a hot target for cyber criminals and has exacerbated worries around the globe due to its importance to everyday life.

CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System used by critical infrastructure organizations.BlackBerry QNX powers critical infrastructure systems.

The vuln exists in Chinese IoT vendor ThroughTek's Kalay communication protocol, the researchers claim, adding that malicious users could exploit the vuln to remotely access victims' DVRs. Exploiting the vuln for real involves carrying out a man-in-the-middle attack: meaning the attacker needs to first obtain your home or office Wi-Fi password, or for the user to do something like open a remote management mobile app while on a poorly secured coffee shop Wi-Fi network."Unlike the vulnerability published by researchers from Nozomi Networks in May 2021, this latest vulnerability allows attackers to communicate with devices remotely," warned Mandiant Threat Intelligence today.

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform.A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.

vulnerability in the SDK that allows IoT devices to use ThroughTek's Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered.The Kalay platform allows IoT devices to register through it and get connected to a mobile or desktop application.

A security researcher helped Valve, the makers of the gaming platform Steam, plug an easy-to-exploit hole that allowed users to add unlimited funds to their digital wallet. Steam Wallet funds are exclusive to the Steam platform and are used to purchase in-game merchandise, subscriptions and Steam-related content.

SGT Capital announced that the EQT Mid Market Europe fund has agreed to sell Utimaco to SGT Capital. Utimaco has more than 470 employees around the globe and with its focus on protecting data, identities and critical infrastructures against cyber-crime, the Company is a crucial force in contributing to making the world and societies a safer place.

Authentic8, provider of Silo, announced it has become a Palo Alto Networks technology partner and unveiled its integration with the Palo Alto Networks Prisma Access cloud-delivered security platform. The integration combines Silo's zero trust web browsing with the secure web gateway capabilities of Prisma Access to deliver comprehensive and seamless secure remote access to business resources, shielding users, devices and applications from malicious web content.

Arcserve announced Arcserve N Series appliances, which deliver integrated hyperscale backup, recovery, and ransomware protection to enterprise infrastructures. The Arcserve N Series appliances, built on Arcserve UDP technology, are powered by Nutanix, a leader in private, hybrid, and multi-cloud computing, and secured by Sophos.

"HotNews" is the severity rating that SAP gives to critical vulnerabilities. Given the nine critical patches, Fritsch dubbed last month's light SAP Patch Tuesday the "Calm before the storm." In fact, he said, Tuesday's raft of patches have earned August the dubious honor of being "The most noteworthy SAP Patch Day this year" for customers, he wrote.