Security News

FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure
2020-12-17 14:54

The Federal Bureau of Investigation has released a Private Industry Notification to warn of DoppelPaymer ransomware attacks on critical infrastructure. DoppelPaymer emerged as a forked version of BitPaymer, both believed to be the work of TA505, the threat actor best known for the infamous Dridex Trojan and Locky ransomware families.

WordPress plugin with 5 million installs has a critical vulnerability
2020-12-17 10:52

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installs, making this upgrade urgent for WordPress site owners.

HPE discloses critical zero-day in server management software
2020-12-16 09:55

Hewlett Packard Enterprise has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager software for Windows and Linux. HPE SIM is a management and remote support automation solution for multiple HPE servers, storage, and networking products including but not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 Servers.

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
2020-12-15 21:04

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The specific critical bug in Firefox was also highlighted earlier this month in Google's Chrome browser security update, where it was rated as a high-severity flaw.

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
2020-12-15 16:43

According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. "URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected," said Yevgeny Dibrov, CEO and co-founder of Armis, when the bugs were discovered.

Google outage caused by critical system running out of storage
2020-12-15 12:11

The global Google services outage yesterday was caused by the company's Identity Management System failing after a bug restricted its storage space. According to a tweet and a Google status report, the outage was caused by the company's automated quota management system reducing the amount of storage available to Google's authentication system.

Critical Golang XML parser bugs can cause SAML authentication bypass
2020-12-14 20:23

This week, Mattermost, in coordination with Golang, has disclosed 3 critical vulnerabilities within the Go language's XML parser. The XML round-trip vulnerabilities lurk in Golang's XML parser, encoding/xml, which doesn't return reliable results when encoding and decoding XML input.

Samsung fixes critical Android bugs in December 2020 updates
2020-12-11 13:08

This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.

Microsoft Office security updates fix critical SharePoint RCE bugs
2020-12-11 12:39

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. Redmond also issued the December 2020 Patch Tuesday security updates, with security updates for 58 vulnerabilities, nine of them rated as Critical.

Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers
2020-12-10 11:00

Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter-Strike: Global Offensive, Dota 2 and Half-Life. Game developer Valve has fixed four critical bugs in its popular Steam online game platform.