Month: March 2021

Malware & Threats

Issued by: Dark Reading

Multiple attack groups are exploiting the critical Microsoft Exchange Server vulnerabilities patched last week – and the growing wave of global activity began before Microsoft released emergency fixes on March 2. Security firms including Red Canary and FireEye are now tracking the exploit activity in clusters and anticipate the number of clusters will grow over…

Application Security

Issued by: Dark Reading

Researchers at Check Point recently discovered that the operator of a malware tool that breaks into mobile users’ financial accounts was employing a novel new method to sneak its malware into Google’s official Android Play mobile app store. The method involved using Google’s own Firebase platform for command-and-control (C2) communications and using GitHub as a…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-1844 and co-reported by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, the flaw was addressed with software updates for macOS, iOS, watchOS, and Safari. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim…

Vulnerabilities

Issued by: Security Week

The 320-bed facility in Oloron-Sainte-Marie near the Pyrenees mountains was hit by the attack on Monday, with screens displaying a demand in English for $50,000 in Bitcoin. Hospital workers have had to revert to working with pens and paper, since digital patient records are not available. The management system, used to monitor medicine stocks and…

Cloud Security

Issued by: Security Week

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…

Mobile Security

Issued by: Help Net Security

Tufin released the Vulnerability-Based Change Automation App (VCA). The new app expands Tufin’s vulnerability management capabilities with automated vulnerability checks prior to approving network access changes. When combined with the Vulnerability Mitigation App (VMA), Tufin delivers a vulnerability management solution that allows customers to maintain additional control over their attack surface when making network changes….

Malware & Threats

Issued by: Help Net Security

By the end of 2020, the ransomware market, fueled by the pandemic turbulence, had turned into the biggest cybercrime money artery. Based on the analysis of more than 500 attacks observed during Group-IB’s own incident response engagements and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150%…

Software Security

Issued by: CIO Security

Several leading health systems got together recently to announce the formation of Truveta, an independent company that will pool patient medical records from the participating health systems and analyze them for insights to drive healthcare outcomes. The announcement highlighted the benefits of sharing de-identified data for driving research, new therapies, and improved health outcomes. In…