Security News

Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software
2021-04-22 10:53

Industrial automation giant Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco's IOS XE software. Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software.

Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
2021-04-22 10:49

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform, modular Monero-mining botnet that seems to have flown under the radar for years.

Hackers found leveraging three SonicWall zero-day vulnerabilities
2021-04-21 12:36

Attackers that seem to have "intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution. Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.

Over 580 WordPress Vulnerabilities Disclosed in 2020: Report
2021-04-21 12:26

More than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of them impact third-party plugins and themes rather than the WordPress core, according to a new report from website security company Patchstack. The report is based on data from Patchstack's WordPress vulnerability database, which includes information collected by the company's internal research team and its bug bounty community, by third-party cybersecurity vendors, and by independent security researchers.

FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities
2021-04-19 11:00

Last Thursday, Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council with a focus on 5G networks and software and cloud services vulnerabilities. "That is why I am refocusing and revitalizing the FCC's Communications, Security, Reliability, and Interoperability Council for the challenges of today and tomorrow. The damage from recent supply chain attacks, like the SolarWinds software breach, demonstrates our need for a coordinated, multifaceted, and strategic approach to protecting our networks from all threats."

Week in review: New DNS vulnerabilities, benefits of cyber threat intelligence, FBI removes web shells
2021-04-18 07:40

New DNS vulnerabilities have the potential to impact millions of devices: Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK.

FBI removes web shells from hacked Microsoft Exchange servers: Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States.

The benefits of cyber threat intelligence: In this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence.

Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks
2021-04-16 17:29

Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition and other industrial systems that use OpENer. Maintained by EIPStackGroup and designed for I/O adapter devices, the OpENer EtherNet/IP stack offers support for multiple I/O and explicit connections, implements the ENIP and CIP industrial protocols, and is highly popular among major SCADA vendors.

NSA Discloses Vulnerabilities in Microsoft Exchange
2021-04-16 11:23

Amongst the 100+ vulnerabilities patched in this month's Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.

NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately
2021-04-15 14:15

The U.S. government on Thursday warned that Russian APT operators are exploiting five known - and already patched - vulnerabilities in corporate VPN infrastructure products, insisting it is "critically important" to mitigate these issues immediately. According to the NSA, the five vulnerabilities should be prioritized for patching alongside the newest batch of Exchange Server updates released by Microsoft earlier this week.

NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
2021-04-15 13:29

A joint advisory from the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation warns that the Russian Foreign Intelligence Service is exploiting five vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials to further compromise US corporate and government networks.