Alaska Courts Restore Email, Lack Answers on Cyber Attack
The court system, in a statement, said it doesn’t know who was behind the attack, why the court system was targeted or how long it will be before services are fully back online. It says it does not believe personal or confidential data was taken from the courts’ computer systems and says no credit card…
TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
The flaw, dubbed TsuNAME, was discovered by researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California. Impacted organizations have been notified and given 90 days to take action before the vulnerability was disclosed. Google…
Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks
Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren’t sufficiently…
Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply
Eaton’s IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply (UPS) devices on their network. According to security advisories published this month by Eaton and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the IPM product is affected by six…
Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software
Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software. In fact, a majority of the security advisories released by the company for its Stratix products address flaws that exist in Cisco software. The latest Stratix advisory released by Rockwell covers a total of 8…
Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps
A dependency manager for Swift and Objective-C Cocoa projects, CocoaPods has more than 82,000 libraries and is being used in over 3 million applications. The tool is built using Ruby and can be used with the default Ruby on macOS. The identified vulnerability, Justicz explains, resides in a function designed to check that, when a…
Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy
Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020. Until now, if Project Zero researchers found a security hole in a product, it was disclosed after exactly 90 days, regardless of when a patch was released or whether a patch was available at all. The impacted vendor…
Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched
The second exploit was publicly disclosed by a researcher who uses the online moniker Frust and who works for Chinese cybersecurity company Qihoo 360. Frust announced the availability of an exploit for a “zero-day” Chrome vulnerability on Twitter on Wednesday, and a few hours later published a blog post with a technical description of the…
FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers. In early attacks observed by Microsoft, attackers were able to exploit a series of vulnerabilities to access on-premises Exchange…
Small Kansas Water Utility System Hacking Highlights Risks
Wyatt Travnichek, 22, was charged last month with remotely accessing the Post Rock Rural Water District’s systems in March 2019, about two months after he quit his job with the utility. He’s accused of shutting down the facility’s cleaning and disinfecting procedures. When he worked for the utility, he would monitor the water plant remotely…
