Month: April 2021

Application Security

Issued by: Security Week

Last Thursday (April 15th), Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council (CSRIC) with a focus on 5g networks and software and cloud services vulnerabilities. “I am committed to working with our federal partners and the private sector to increase the security and resiliency of our nation’s…

Network Security

Issued by: Security Week

According to NVIDIA, Morpheus leverages machine learning to identify anomalies and threats — such as phishing, data leaks and malware — through real-time inspection of all IP traffic in an organization’s data centers. NVIDIA Morpheus framework uses BlueField DPUMorpheus works with NVIDIA’s BlueField data processing units (DPUs), a powerful processor designed specifically for data centers….

Network Security

Issued by: Security Week

The sanctions, foreshadowed for weeks by the administration, would represent the first retaliatory action announced against the Kremlin for last year’s hack, familiarly known as the SolarWinds breach. In that intrusion, Russian hackers are believed to have infected widely used software with malicious code, enabling them to access the networks of at least nine agencies…

Vulnerabilities

Issued by: Security Week

After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers. In early attacks observed by Microsoft, attackers were able to exploit a series of vulnerabilities to access on-premises Exchange…

Malware & Threats

Issued by: Security Week

IoT security company Forescout on Tuesday revealed that four popular TCP/IP stacks — specifically FreeBSD, Siemens’ Nucleus, IPnet and NetX — are affected by a total of nine DNS-related flaws that can be exploited for remote code execution (including to take control of targeted devices), DoS attacks, and DNS cache poisoning. The vulnerabilities, collectively tracked…

Vulnerabilities

Issued by: Security Week

Wyatt Travnichek, 22, was charged last month with remotely accessing the Post Rock Rural Water District’s systems in March 2019, about two months after he quit his job with the utility. He’s accused of shutting down the facility’s cleaning and disinfecting procedures. When he worked for the utility, he would monitor the water plant remotely…

Vulnerabilities

Issued by: Security Week

On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers that are based on Google’s open source Chromium project. The researchers demonstrated the exploit against both Chrome and Microsoft Edge. Visiting a specially crafted website…