network security

Vulnerabilities

Issued by: Security Week

Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel. Tracked as CVE-2021-26708 and featuring a CVSS score of 7.0, the security holes were introduced in Linux kernel version 5.5 in November 2019. The vulnerabilities are the result of race conditions that were…

Network Security

Issued by: Security Week

Serving articles about the Perl programming language since 1997 and managed by The Perl Foundation, the domain started pointing to a parked site at the end of January, with evidence suggesting connections to sites distributing malware. The issue, some of those involved with maintaining the site said at the time, was related to an account…

Vulnerabilities

Issued by: Security Week

The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read…

Network Security

Issued by: Security Week

Stormshield provides network security, endpoint security and data security solutions. The company describes itself as a “European leader in digital infrastructure security” and claims to have a presence in more than 40 countries. In a security incident notice posted on its website, Stormshield said it recently detected unauthorized access to a technical portal used by…

Vulnerabilities

Issued by: Security Week

SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company’s Orion monitoring product, and a few hundred — ones that presented an interest to the attackers — getting other malware that may have given the hackers deep access into their networks. Following the…

Vulnerabilities

Issued by: CSO

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, offered details on an emerging major ransomware actor they call Sprite Spider. Like many other ransomware attackers, the gang behind Sprite Spider’s attacks has grown rapidly in sophistication and damage capacity since…

Network Security

Issued by: CSO

The SolarWinds/Solorigate attacks used some concerning methodologies. One of them has been what is called the Golden SAML attack process. Security Assertion Markup Language (SAML) enables the exchange of authentication and authorization information between trusted parties. The Golden SAML technique allows attackers to generate their own SAML response to gain access or control. To do…

Vulnerabilities

Issued by: Security Week

A total of 68 high-severity flaws were identified in Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers, but the company says patches won’t be released, because these devices have reached end-of-life (EOL). The last day for software maintenance releases and bug fixes was December 1, 2020. The security bugs exist because user-supplied input to…

Cloud Security

Issued by: Help Net Security

iboss has raised $145 million in new funding. The financing will be used to support the company’s growth as organizations increasingly recognize iboss as the leading provider of cutting-edge network security through the cloud. The new funding comes as the pandemic has accelerated the ongoing shift to cloud-based cybersecurity providers. As organizations of all sizes…