September 2021 - Page 4 of 6 - Cyber Security Minute

SAP Patches Critical Vulnerabilities With September 2021 Security Updates

Issued by: Security Week

The most important of the newly released security notes patches a missing authorization check in SAP NetWeaver Application Server for Java. Tracked as CVE-2021-37535, the vulnerability has a CVSS score of 10. Two other critical vulnerabilities (CVSS score of 9.9) were addressed with Hot News security notes for NetWeaver. These include CVE-2021-38163, an unrestricted file…

Vulnerabilities

Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System

Issued by: Security Week

The country introduced e-voting in 2003 on a limited basis, as part of ongoing tests, and earlier this year it disclosed the future Swiss e-voting system, in phases, to be able to implement any necessary improvements. The e-voting system is expected to deliver not only transparency, but also reliability, voting secrecy, and verifiability, while meeting…

Network Security

CISA Appoints Kiersten Todt as New Chief of Staff

Issued by: Security Week

Before joining CISA as chief of staff, Todt served as managing director of the non-profit Cyber Readiness Institute (CRI). She also served as president and managing partner at risk management consulting firm Liberty Group Ventures between 2012 and 2016. Kiersten TodtAs for roles in the government, Todt served in 2016 as the executive director of…

Network Security

The Implications of China’s New Personal Information Protection Law

Issued by: Security Week

PIPL is the third of China’s new cybersecurity laws. The first was the Cybersecurity Law, which has been in effect since June 2017. This is designed to regulate the network and platform providers, and how they handle personal data. The second is the Data Security Law (DSL), which came into effect on September 1, 2021….

Vulnerabilities

WordPress 5.8.1 Patches Several Vulnerabilities

Issued by: Security Week

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…

Vulnerabilities

Facebook Announces Encrypted WhatsApp Backups

Issued by: Security Week

While a user can easily turn on WhatsApp on any new device, given that accounts are phone number-based, conversation history isn’t available unless a backup was created on the previous device. Users can set time intervals for the creation of local backups and can also choose to store those in the cloud, for fast access….

Network Security

CISOs Faced With Friction, Resistance From Remote Workers Over Security Controls

Issued by: Security Week

The cyberthreat to working from home is well understood. Security teams are suddenly faced with hundreds and often thousands of new endpoints that are beyond the protection of the office system, and outside the reach of their visibility. While there are technological answers to this problem, new research from HP Wolf Security indicates that implementing…

Vulnerabilities

GitHub Patches Security Flaws in Core Node.js Dependencies

Issued by: Security Week

“These vulnerabilities may result in arbitrary code execution due to file overwrite and creation when tar is used to extract untrusted tar files or when the npm CLI is used to install untrusted npm packages under certain file system conditions,” GitHub said in an advisory. A code npm dependency, tar is used to extract and…

Vulnerabilities

HAProxy Vulnerability Leads to HTTP Request Smuggling

Issued by: Security Week

An attacker could exploit the vulnerability – tracked as CVE-2021-40346 (CVSS score of 8.6) – to bypass duplicate HTTP Content-Length header checks. Thus, the attacker could smuggle HTTP requests to the backend server without the proxy server noticing it, or launch a response-splitting attack. “Our analysis confirmed that the duplication is achieved by making use…

Application Security

ProtonMail (Wrongly?) Criticized for Disclosing User IP to Authorities

Issued by: Security Week

ProtonMail, a privacy and security-focused email provider based in Switzerland, has been strongly criticized for providing the IP address of a customer to Swiss authorities, ultimately leading to the arrest of a climate activist in France. But simply blaming ProtonMail misses the important lessons of this case. Background French authorities were aware that a group…