Vulnerabilities

Vulnerabilities

Issued by: Security Week

In March 2020, shortly after COVID-19 was officially declared a pandemic, SecurityWeek reached out to several experts for their thoughts on the effects of the pandemic on early-stage venture investment in cybersecurity. While most agreed that there would be some negative impact, investors were optimistic. Since then, tens of companies have announced raising millions, tens…

Vulnerabilities

Issued by: Security Week

Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid. The adversary appears mainly focused on enterprises, with some of the victims being multi-national organizations…

Vulnerabilities

Issued by: Security Week

The first security hole, tracked as CVE-2021-3450, has been described as a “problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at Akamai. “Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an…

Vulnerabilities

Issued by: Security Week

Microsoft has released patches, detailed guidance, and a one-click mitigation tool to ensure that Exchange Server users are protected against attacks. The tech giant has now taken another step to protect customers who haven’t managed to install the available patches but who have Defender deployed on vulnerable servers. The Exchange vulnerabilities are tracked as CVE-2021-26855,…

Vulnerabilities

Issued by: Security Week

Mimecast was one of the several cybersecurity companies to confirm being targeted by the hackers who breached the systems of IT management solutions provider SolarWinds. After compromising SolarWinds systems, the attackers, which have been linked to Russia, used their access to deliver malicious updates for SolarWinds’ Orion monitoring product to roughly 18,000 customers. A few…

Vulnerabilities

Issued by: Dark Reading

Call centers are a fraudster’s dream. Millions of pieces of personally identifiable information (PII) are transmitted from customers to service agents every day. Anyone able to infiltrate these systems — either physically or digitally — can turn around and make a small fortune selling all sorts of valuable information on the Dark Web. In fact,…

Vulnerabilities

Issued by: Security Week

The BIG-IP software powers a wide range of products, including hardware, modularized software, and virtual appliances, which run on the TMOS architecture and provide customers with modules that support load balancing, firewall, access control, threat protection, and more. On March 10, F5 announced the release of fixes for multiple vulnerabilities in BIG-IP, some of which…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-1844 and co-reported by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, the flaw was addressed with software updates for macOS, iOS, watchOS, and Safari. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim…