All the latest blog posts from the most relevant cyber security companies in the business.

The development, first reported by Business Insider, comes as German federal prosecutors probe alleged cyber attacks against lawmakers during the campaign to choose a new parliament and a successor to Chancellor Angela Merkel. “At the end of August the website of the Federal Returning Officer only had limited accessibility for a few minutes due to…

Tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), the vulnerability has been exploited since August 2021 to execute code remotely and take over vulnerable systems. Affecting the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and single sign-on solution, the issue is an authentication bypass bug…

Microsoft’s guidance was published just as researchers noticed that one of the vulnerabilities is already being exploited in the wild. It appears that the Mirai botnet is attempting to compromise vulnerable systems and that it also closes port 5896 (OMI SSL port) to keep other attackers out. An open-source Web-Based Enterprise Management (WBEM) implementation, OMI…

Starting last year, the video calling platform has been offering E2EE in Zoom Meetings, and it is now ready to make it available for one-on-one phone conversations made through the Zoom client as well. Once the new feature is available, users will see a “More” option during phone calls, allowing them to turn on encryption,…

The most important of the newly released security notes patches a missing authorization check in SAP NetWeaver Application Server for Java. Tracked as CVE-2021-37535, the vulnerability has a CVSS score of 10. Two other critical vulnerabilities (CVSS score of 9.9) were addressed with Hot News security notes for NetWeaver. These include CVE-2021-38163, an unrestricted file…

Siemens has released 21 new advisories and updated 25 previously published advisories. The new advisories cover 36 vulnerabilities, including five that have been assigned a critical severity rating. One of the critical flaws, with a CVSS score of 10, impacts the Desigo CC building management platform and the Cerberus danger management station (DMS). The…

Before joining CISA as chief of staff, Todt served as managing director of the non-profit Cyber Readiness Institute (CRI). She also served as president and managing partner at risk management consulting firm Liberty Group Ventures between 2012 and 2016. As for roles in the government, Todt served in 2016 as the executive director of…

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…