featured Archives - Page 36 of 75 - Cyber Security Minute

New Google Tool Helps Developers Visualize Dependencies of Open Source Projects

Issued by: Security Week

In an effort to help developers gain a better perspective into the packages their open-source projects rely on, Google has introduced Open Source Insights, an exploratory visualization site that offers a view of dependencies, in an organized and accessible way. One of the main issues that Open Source Insights aims to address is related to…

Malware & Threats

White House urges private sector to enhance their ransomware defenses

Issued by: Help Net Security

In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat. The Federal Government is working with partners around the world to disrupt and deter ransomware actors, by…

Vulnerabilities

Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores

Issued by: Security Week

Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices. The plugin provides various other customization options as well. This week, Wordfence discovered that threat actors are targeting an unpatched critical vulnerability in Fancy Product Designer. The…

Malware & Threats

Swedish Public Health Agency Says Disease Database Targeted in Cyberattacks

Issued by: Security Week

SmiNet was shut down on Thursday, after the agency identified several attempts to gain unauthorized access to the database, but it was restored by Friday night. On Thursday, the Public Health Agency announced that it had shut down the database to prevent hacking attempts, and immediately launched an investigation into the matter. The incident was…

Vulnerabilities

Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations

Issued by: Security Week

Tracked as CVE-2021-22893, the vulnerability was made public in late April, after security researchers discovered that threat actors had already been exploiting it in attacks targeting organizations in the defense, financial, government, high tech, and transportation sectors in the U.S. and Europe. At the time, FireEye revealed that at least two Chinese threat actors believed…

Network Security

Half-Double: Google Researchers Find New Rowhammer Attack Technique

Issued by: Security Week

Rowhammer attacks — first discussed in 2014 — involve repeatedly accessing a row of memory in an effort to cause bit flips in adjacent rows, which can be useful for by passing memory protections. A malicious actor could use Rowhammer to escalate privileges and for other purposes, and researchers have demonstrated over the past years…

Network Security

Experts or ‘Grifters’? Little-Known Firm Runs Arizona Audit

Issued by: Security Week

In early March, a Boston-based vote-counting firm called Clear Ballot Group sent a bid to Arizona’s state Senate to audit the 2020 presidential election results in Maricopa County. The firm has conducted more than 200 such audits over 13 years in business. “Our level of comparison data is unmatched,” Keir Holeman, a Clear Ballot Group…

Application Security

UK-Based API Security Firm 42Crunch Raises $17 Million

Issued by: Security Week

42Crunch provides an application programming interface (API) ‘micro firewall’. APIs are a serious and growing threat vector. In 2019, Gartner stated, “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” Its proposed solution was, “Use a Combination of API Management and Web…

Application Security

Agility Broke AppSec. Now It’s Going to Fix It.

Issued by: Dark Reading

In today’s high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in…

Vulnerabilities

Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks

Issued by: Dark Reading

The ubiquitous Wi-Fi standard has at least three design flaws that allow a local attacker to intercept and exfiltrate wireless traffic, while additional implementation flaws enable more serious attacks for some wireless traffic, a well-known security researcher revealed this week. The design flaws in the IEEE 802.11 standard — more commonly known as Wi-Fi —…