Security News

Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, named by the US government as CARR's leader and attacker-in-chief respectively, were designated for their alleged roles in attacks on US critical national infrastructure. Despite much of CARR's work since its inception in 2022 revolving around what the US Department of the Treasury describes as "Low-impact, unsophisticated DDoS attacks in Ukraine," the group was blamed for various attacks on US and European water facilities earlier this year.

Faulty CrowdStrike update takes out Windows machines worldwideThousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations in Europe, Australia, the US and elsewhere. Critical Splunk flaw can be exploited to grab passwordsA recently fixed vulnerability affecting Splunk Enterprise on Windows "Is more severe than it initially appeared," according to SonicWall's threat researchers.

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0.

SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager software, six of which allowed attackers to gain remote code execution on vulnerable devices. Access Rights Manager is a critical tool in enterprise environments that helps admins manage and audit access rights across their organization's IT infrastructure to minimize threat impact.

A recently fixed vulnerability affecting Splunk Enterprise on Windows "Is more severe than it initially appeared," according to SonicWall's threat researchers. Splunk Enterprise is a data analytics and monitoring platform that allows organization to collect and analyze machine-generated data from a variety of sources, such as network and security devices, servers, etc.

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway appliances using emails with malicious attachments. "This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system," Cisco explained.

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways and change the password of any user on its Smart Software Manager On-Prem license servers. Cisco Secure Email Gateways aim to protect businesses against emails laden with malware, malicious links and scams, and against exfiltration of sensitive data via email.

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. "An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."

Costs associated with ransomware attacks on critical national infrastructure organizations skyrocketed in the past year. There's a good chance that the numbers would be skewed if 100 percent of the total CNI ransomware victims polled were entirely transparent with their figures.

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue," the Apache Software Foundation noted in late April 2024.