Security News

Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system. The bugs are part of a larger set discovered and reported responsibly by one security researcher through the company's bug bounty program.

Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild. "Google is aware that an exploit for CVE-2021-30551 exists in the wild," the company said, without providing further technical details.

Microsoft jumped on 50 vulnerabilities in this month's Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows,. The six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution vulnerability.

Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research. Previously, the policies could be considered hostile toward projects with dual-use content, but the updated guidelines aim to make it clear that GitHub "Enables, welcomes, and encourages" dual-use security research - i.e. research that can be used for both good and bad purposes.

Soon after uploading the exploit, Jang received an email from Microsoft-owned GitHub stating that PoC exploit was removed as it violated the Acceptable Use Policies. GitHub faced immediate backlash from security researchers who felt that GitHub was policing the disclosure of legitimate security research simply because it was affecting a Microsoft product.

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network.

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability, caused by an out-of-bounds memory access issue, can allow a local attacker to elevate privileges by sending specially crafted requests.

New upgrades have been made to a Python-based "Self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today.

Companies have to be constantly vigilant about cybersecurity in order to stay safe, expert says. Larger gangs are providing ransomware-as-a-service for smaller criminal organizations.