Google’s problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month.The latest confirmation of this appears today with a new Chrome point-update to patch a pair of security vulnerabilities affecting Windows, MacOS and Linux users. Google said it was aware of reports that both of these vulnerabilities - CVE-2021-21206 and CVE-202
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Last year, the malware was observed perfor
Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were rel
A pair of unpatched vulnerabilities in QNAP small office/home office (SOHO) network attached storage (NAS) devices could allow attackers to execute code remotely, according to a warning from security researchers at SAM Seamless Network.The bugs were found to affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446, but potentially impact other
The United States Department of Justice this week announced official charges against a Kansas man, for accessing and tampering with a public water system.The man, Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, is accused of accessing the computer system of the Ellsworth County Rural Water District without authorization.The intrusion took pla
A North Korean government-backed APT group has been caught using a fake pen-testing company and a range of sock puppet social media accounts in an escalation of a hacking campaign targeting security research professionals.The notorious hacking group, first exposed by Google earlier this year, returned on March 17th with a website for a fake penetration testi
The financial impact from a March 1 cyber-attack on CompuCom, a wholly-owned subsidiary of ODP Corporation, is expected to reach the $28 million range, the company said.Following the incident, which resulted in some of the managed services provider’s systems being infected with malware, customer services and internal operations were suspended, but ODP now sa
A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report.The report said the executive order, which could be released as soon as the next week, would require software vendors to notify U.S. government customers of cyber-security breaches that also
Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks.The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised Solarwinds product that was exploited in recent nation-state
Feedzai, a late-stage fintech startup, is the latest entrant into cybersecurity’s unicorn club after snagging a new $200 million funding round that values the company at more than $1 billion.The San Mateo, Calif.- based Feedzai said the latest Series D round was led by KKR, one of the most prominent global investment firms. Existing investors Sapphire Ventur
Researchers with the PRODAFT Threat Intelligence Team took a deep dive into the operations of the SilverFish cyber-espionage group and linked one of its command and control (C&C) servers with recent high-profile malicious attacks. The investigation, which started from indicators of compromise (IOCs) published for the December 2020 SolarWinds attacks, has
For the third time this year, Google has shipped an urgent fix to block in-the-wild zero-day attacks hitting its flagship Chrome browser.The latest emergency Chrome patch, available for Windows, MacOS and Linux, provides cover for at least five (5) documented vulnerabilities. Three of the five bugs are rated “high-risk,” Google’s highest severity rating.Buri
Software giant Microsoft Corp. has launched an investigation to determine whether one of its flagship information-sharing programs sprung a leak that led to the widespread exploitation of Exchange server deployments around the world.According to a bombshell report in the Wall Street Journal, Redmond is looking closely at its Microsoft Active Protections Prog
McAfee is changing owners again as part of a $4 billion all-cash transaction that includes the sale of its enterprise business unit.McAfee, based in San Jose, Calif., announced on Monday it was selling its enterprise operations Symphony Technology Group (STG), a private equity firm that also owns security behemoth RSA Corp.The decision to shed the enterprise