Month: November 2022

Vulnerabilities

Issued by: Help Net Security

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use…

Application Security, Network Security

Issued by: Security Week

“I think it’s a wake-up call for all of us. We must reinforce our ability to defend ourselves and also to defend our values,” European Commission Executive Vice-President Margrethe Vestager told reporters. The proposals aim to identify gaps in European infrastructure — such as roads, bridges, rail lines, ports or airports incapable of handling heavy…

Vulnerabilities

Issued by: Security Week

Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone products that could allow an attacker to easily breach the entry system using an NFC…

Malware & Threats

Issued by: Security Week

Initially detailed in October, the Prestige ransomware has been used in attacks against transportation and related logistics organizations in Ukraine and Poland, with some of the victims previously infected with the destructive HermeticWiper malware (FoxBlade). At the time, Microsoft said that the attacks did not appear to be related to known ransomware campaigns, despite the…

Mobile Security

Issued by: Security Week

Tracked as CVE-2022-20465, the security bug was resolved as part of the November 2022 Android patches, and could have allowed an attacker with physical access to a device to unlock it in minutes. The issue, which Schutz accidentally discovered, could allow an attacker to unlock an Android phone by triggering the SIM PIN reset mechanism,…

Malware & Threats

Issued by: Security Week

The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million. The US Justice…

Application Security

Issued by: Security Week

I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your…

Network Security

Issued by: Security Week

“I’ve made the hard decision to leave Twitter,” tweeted chief security officer Lea Kissner, who reportedly stepped down with other key privacy or security executives. The walk-outs came a day after the chaotic launch of new features introduced by Musk following his $44 million buyout of the influential one-to-many messaging app. It unveiled its long-awaited…

Vulnerabilities

Issued by: Security Week

Windows adds the MotW to files coming from untrusted locations, including browser downloads and email attachments. When trying to open files with the MotW, users are warned about the potential risks or, in the case of Office, macros are blocked to prevent malicious code execution. However, there are ways to bypass MotW defenses. Researcher Will…