Security News

When the move to the cloud was dramatically exacerbated by companies rapidly shifting to remote work, these tools fell short of supplying clear visibility into multiple environments and technology layers. The need to quickly adapt and scale to the new reality provided the perfect opportunity to accelerate the push to cloud, but outdated traditional security information and event management tools are not able to efficiently collect and process the high volume of telemetry generated by the multiple cloud services adopted as part of this push.

Two vulnerabilities in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-building utilities.

Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.

Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "Critical" bug in the Defender security product that's being actively exploited. Security experts are urging security response personnel to pay special attention to CVE-2021-1647, which describes a remote code execution flaw in Microsoft Defender, the company's flagship anti-malware product.

In tandem with Tuesday's security update, Adobe starting on Tuesday will also block Flash Player content, weeks after dropping support for Flash. The move means that when users attempt to load a page with Flash Player, the content now will no longer load. "Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems," according to Adobe.

The 5G ecosystem is reaching a level of technology maturity much more rapidly than earlier generations, enabling operators to develop network deployment and go to market strategies with mass-market appeal and scalable across evolving B2C, B2B and B2B2X business models. Strategy Analytics' report reviews 5G commercial developments to date and provides recommendations to operators on how to build competitive, differentiated 5G value propositions.

The FBI has announced that Christopher Dobbins pleaded guilty and was sentenced to a year in prison for breaching and temporarily disabling the Stradis Healthcare shipping system using a secret account, after being fired weeks earlier. Last March, as doctors reported having to ration and reuse personal protective equipment to treat COVID-19 patients, Georgia-based Stradis Healthcare, which packages and ships PPE and surgical kits, was eager to step up and help, according to FBI Special Agent Roderick Coffin, who investigated the matter.

Google has fixed two critical bugs affecting its Android handsets. The more serious flaws exists in the Android System component and allow remote attackers to execute arbitrary code.

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below.

Several critical vulnerabilities have been found by researchers in products from PTC-owned industrial automation solutions provider Kepware. The U.S. Cybersecurity and Infrastructure Security Agency last week published two advisories describing vulnerabilities identified in Kepware products.