Security News

Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month. "Panasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021," the company said in a press release issued Friday.

In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. "Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country."

Google researchers on Thursday disclosed that they found a watering hole attack in late August exploiting a now-patched zero-day in the macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.

Well-known email tracking organisation Spamhaus, which maintains lists of known senders of spam and scams, is warning of a fraudulent "FBI/Homeland Security" alert that has apparently been widely circulated to network administrators and other IT staff in North America. "Urgent: Threat actor in systems. Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack."

A pair of PlayStation 5 breaches shows the consoles don't have protection from attackers taking over their most basic functions. The second hack was also posted on Twitter on Nov. 7 by Google security engineer Andy Nguyen, who is also known widely in hacker circles as TheFlow.

The United States has signed up for The Paris Call for Trust and Security in Cyberspace - an international effort to ensure the internet remains free and open, and an agreement to put critical infrastructure off limits to electronic attack by sovereign states and other actors. The Paris Call was issued by French president Emmanuel Macron in 2018, as part of that year's Internet Governance Forum held at UNESCO and alongside the Paris Peace Forum.

Impact: A malicious application may be able to modify protected parts of the file system. Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30892: Jonathan Bar Or of Microsoft. As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it than just "Modifying protected parts" of the file system.

Twitter rolled out security keys to its entire workforce and made two-factor authentication mandatory for accessing internal systems following last year's hack. The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter's Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.

A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70.

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used to execute untrusted code and affects stable release branches 3.x and 2.x of Squirrel.