Month: March 2021

Vulnerabilities

Issued by: Security Week

The first security hole, tracked as CVE-2021-3450, has been described as a “problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at Akamai. “Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an…

Network Security

Issued by: Security Week

Gen. Paul Nakasone, in prepared remarks to the Senate Armed Services Committee, did not describe those operations, so it was not immediately clear whether these were efforts strictly at defending the United States against intrusions or offensive measures to shut down intruders. He said his command’s operations were designed “to get ahead of foreign threats…

Malware & Threats

Issued by: Security Week

The malware campaign, dubbed Purple Fox, has been active since at least 2018 and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals. According to Guardicore researcher Amit Serper, the Purple Fox operators primarily used exploit kits and phishing emails to build botnets…

Malware & Threats

Issued by: Security Week

The Chicago, Illinois-based company is one of the largest commercial insurers in the United States, offering cyber insurance policies alongside a broad range of other insurance products. In a March 23 announcement, the company revealed that, over the weekend, it fell victim to a cyberattack that impacted certain systems, and which resulted in network disruptions….

Malware & Threats

Issued by: Security Week

A Java-based web framework, Apache OFBiz is an open source enterprise resource planning (ERP) system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry. OFBiz is one of the platforms that was affected by a Java serialization vulnerability identified and reported in 2015,…

Malware & Threats

Issued by: Security Week

Malware hunters at U.K.-based NCC Group are raising the alarm for mass scanning and “multiple exploitation attempts” with exploits targeting critical security flaws in the F5 enterprise networking infrastructure products. The vulnerabilities were patched on March 10 and are considered high-priority fixes because of the risk of exposure to authentication bypass and remote code execution…

Malware & Threats

Issued by: Security Week

Grid Solutions is a GE Renewable Energy business that provides electricity management solutions for the energy sector, including oil and gas, as well as industry and infrastructure organizations. Advisories published this week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and GE Grid Solutions (account required) inform customers that more than a dozen UR…