Security News
Follina abuses Microsoft Office to execute remote code. CVE-2022-30190, also known as "Follina", is a remote code execution vulnerability that affects Microsoft Office, reported on May 27, 2022.
NordLayer is not just a client-based VPN tool that you have your employees install and hope they remember to use, it also includes an admin console that allows you to keep tabs on those employees if they're using the VPN, and what gateways they've connected to. NordLayer also features threat management, network management, 2FA/SSO/biometric authentication, auto-connect, network segmentation, site-to-site dedicated gateways, shared servers, AES 256-bit encryption, ThreatBlock, custom DNS, dedicated IP addresses, jailbroken device detection and smart remote access.
Workspot announced a survey report which reveals that in the past year, due to remote work, 83% of IT leaders expanded or accelerated their cloud strategies, while still facing increasing challenges with security, and concerns about employee compliance to new controls. With that in mind, budgets are expected to increase throughout the year to improve remote work technologies.
Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable.
Security, employee compliance biggest challenges when supporting remote workers. For its report "The State of Remote Work 2022: A Survey of End-User Computing Decision Makers," Workspot commissioned market research firm Dimensional Research to survey 304 IT professionals about their remote workforce.
Attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams. The hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks through remote access tools and cloud services.
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device.
QNAP has released several security advisories today, one of them for a critical security issue that allows remote execution of arbitrary commands on vulnerable QVR systems, the company's video surveillance solution hosted on a NAS device. QNAP's advisory explains that the "Vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands."
Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems. Threat actors can send undisclosed requests and leverage the flaw to bypass the iControl REST authentication and access the F5 BIG-IP systems, an attacker can execute arbitrary commands, create or delete files or disable servers.
Cloud security and application delivery network provider F5 on Wednesday released patches to contain 43 bugs spanning its products. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory.