Facebook Announces Encrypted WhatsApp Backups
While a user can easily turn on WhatsApp on any new device, given that accounts are phone number-based, conversation history isn’t available unless a backup was created on the previous device. Users can set time intervals for the creation of local backups and can also choose to store those in the cloud, for fast access….
GitHub Patches Security Flaws in Core Node.js Dependencies
“These vulnerabilities may result in arbitrary code execution due to file overwrite and creation when tar is used to extract untrusted tar files or when the npm CLI is used to install untrusted npm packages under certain file system conditions,” GitHub said in an advisory. A code npm dependency, tar is used to extract and…
Lack of C3PAO assessors jeopardizes DoD CMMC certification goal
If you do business with the Department of Defense (DoD), then the Cybersecurity Maturity Model Certification (CMMC) is known to you. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) approved the first company to become a certified assessor in May 2021. Since then, three additional companies have been approved. That’s it. Four companies have been…
Germany Protests to Russia Over Pre-Election Cyberattacks
Foreign Ministry spokeswoman Andrea Sasse said that a hacker outfit called Ghostwriter has been “combining conventional cyberattacks with disinformation and influence operations,” and that activities targeting Germany have been observed “for some time.” She said that, ahead of Germany’s parliamentary election on Sept. 26, there have been attempts – using phishing emails, among other things…
USCYBERCOM Warns of Mass Exploitation of Atlassian Vulnerability Ahead of Holiday Weekend
“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” USCYBERCOM tweeted Friday morning. “Please patch immediately if you haven’t already— this cannot wait until after the weekend.” On August 25, Atlassian issued patches to address the critical code execution vulnerability that carried a CVSS score of 9.8. Described by the software maker…
Critical Vulnerability Exposed Azure Cosmos DBs for Months
A fully managed NoSQL database, Cosmos DB was launched in 2017, for use with web and mobile applications, but also supports modeling social interactions and integration with third-party services. Earlier this month, researchers with the cloud security firm Wiz discovered a vulnerability in the Azure cloud platform that could allow a remote attacker to take…
The VC View: Digital Transformation
The first thing to ask before we talk about digital transformation, is what the heck does “digital transformation” even mean? The reality is that there isn’t a standard definition. Every company is going to have a slightly different path. Many people have different opinions on what it stands for. But the fact that the phrase…
High-Severity DoS Vulnerability Patched in BIND DNS Software
The flaw, tracked as CVE-2021-25218, affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions 9.16.20, 9.17.17 and 9.16.20-S1. Workarounds are also available. It’s worth noting that while the existence of the vulnerability was made public on August 18, customers received a notification one week in advance. The vulnerability can be exploited remotely…
BadAlloc Flaw Impacts Many Systems Running BlackBerry’s QNX Embedded OS
Publicly disclosed in April, BadAlloc is a collection of 25 vulnerabilities impacting many Internet of Things (IoT) and operational technology (OT) devices. The flaws can allow malicious attackers to gain control of highly sensitive systems. The issue affects C standard library (libc) implementations, real-time operating systems (RTOS), and embedded software development kits (SDKs), and could…
Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack
The attack, which took place in May 2021, involved the Darkside ransomware and resulted in the Georgia-based company temporarily shutting down operations and paying $5 million to the attackers to recover stolen information. Most of the money was recovered, the US announced in June. In a notification letter sent to the Maine Attorney General’s Office,…
