Security News
Cisco Talos researchers note in a new analysis that "Unauthorized software on end systems is never a good sign. Today it's a crypto miner, tomorrow it could be the initial payload in an eventual ransomware attack." Crypto mining has increased from 3% of all mining alerts in January 2020 to 6% in March 2021, according to analysis from Talos.
Armis security researchers have warned of severe and unpatched remote code execution vulnerabilities in Schneider Electric's programmable logic controllers, allowing attackers to take control of a variety of industrial systems. The vulnerability itself, dubbed "ModiPwn," chains on two previously disclosed issues, discovered by security firm Talos in 2018 and 2019 respectively, which Schneider Electric claimed to have patched.
Coursera states, in its Vulnerability Disclosure Program, that access control issues are a security concern. API leaks are not uncommon and have been main contributors to major security issues.
So a RCE with #printnightmare on a fully patched server, with Point & Print enabled. Mimikatz creator Benjamin Delpy, who is also responsible for the R&D Security Center at the Banque de France, shared a screenshot of a reverse-engineered Windows DLL with The Register and explained that the problem was down to how Microsoft was checking for remote libraries in its patch for PrintNightmare aka CVE-2021-34527.
Researchers have successfully reproduced the exploit used in the recent cyberattack targeting IT management software maker Kaseya and its customers. Kaseya on July 2 urged customers to immediately shut down on-premises servers running its VSA endpoint management and network monitoring tool due to a cyberattack.
A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall's Network Security Manager product. The security hole affects the on-premises versions of SonicWall NSM only and can be exploited through specially crafted HTTP requests sent to the vulnerable application.
A proof-of-concept exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021.
Abandoned or ignored subdomains often include overlooked vulnerabilities that leave organisations open to attack, according to a team of infosec researchers from the Vienna University of Technology and the Ca' Foscari University of Venice. That laxity leaves subdomains open to a cookie-based attack in which an attacker sets up their own site to replace an abandoned or expired subdomain hosted on a completely different server from the main web site.
It is increasingly being breached: numerous security hacks just this past month include the Colonial Pipeline security breach and the JBS Foods ransomware attacks where hackers took over the organization's computer systems and demanded payment to unlock and release it back to the owners. Columbia Engineering researchers who are leading experts in computer security recently presented two major papers that make computer systems more secure.
Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company's Bitbucket-hosted source code. The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company's products a tempting target for malicious actors.