Accellion to Retire File Transfer Service Targeted in Attacks
The 20-year-old service is planned for retirement on April 30, 2021, past which Accellion won’t renew licenses for the software. FTA runs on CentOS 6, an operating system that reached end-of-life on November 30, 2020, a matter that Accellion brought to the attention of FTA customers six months ago. Despite efforts to completely move away…
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises
vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery. VMware has told customers that several versions of the product are affected by a high-severity (important) command injection vulnerability that can be exploited by a hacker with admin privileges to execute shell commands on the underlying…
Critical Vulnerability Patched in SAP Commerce Product
Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory. The vulnerability impacts SAP Commerce if the rule engine extension is installed. Meant to define and execute rules to manage decision-making scenarios, the rule engine uses a ruleContent attribute offering…
Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs
In its advisory for the vulnerability — the bug currently does not have a CVE identifier — Mozilla described it as a “buffer overflow in depth pitch calculations for compressed textures.” The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro’s Zero Day Initiative (ZDI), apparently only impacts Firefox running on Windows —…
Google Launches Database for Open Source Vulnerabilities
OSV should make it easier for the users of open source software to find out which vulnerabilities impact them. It can also help maintainers of open source software accurately identify all versions and commits impacted by a flaw across all their branches. Google OSVFor consumers, Google says OSV provides a database that can be easily…
The transportation sector needs a standards-driven, industry-wide approach to cybersecurity
Despite the uncertainties of the last year, the transformation of the transportation sector forged ahead, dominated by the prevailing trend of CASE (Connected, Autonomous, Shared, Electrified) technologies. Despite small setbacks caused by COVID-19 that impacted the automotive industry at large, analysts predict electric vehicle (EV) demand will continue on its upward trajectory in 2021, driven…
Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read…
SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems
SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company’s Orion monitoring product, and a few hundred — ones that presented an interest to the attackers — getting other malware that may have given the hackers deep access into their networks. Following the…
Over 1 Million Impacted by Data Breach at Washington State Auditor
At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files. Called FTA (File Transfer Application), Accellion’s service in mid-December received a patch for a critical vulnerability impacting less than 50 customers. The fix was…
Interview With a Russian Cybercriminal
IT security practitioners spend a lot of time strategizing ransomware defense, but many know little about the criminals plotting attacks. Who is the person behind a devastating ransomware campaign? Why did they choose a specific target? What about cybercrime appeals to them? To better understand the attacker’s perspective, Cisco Talos researchers interviewed a LockBit ransomware…
