Hackers Release Israeli LGBTQ Dating Site Details
The Google search engine blocked access to the sites of the group Black Shadow,” the justice said ministry said, a move it said was taken at the request of the government’s Cyber Unit. Messaging application Telegram had also suppressed Black Shadow groups, it added. The announcement came hours after Black Shadow dumped a large file…
SAP Patches Critical Vulnerabilities With September 2021 Security Updates
The most important of the newly released security notes patches a missing authorization check in SAP NetWeaver Application Server for Java. Tracked as CVE-2021-37535, the vulnerability has a CVSS score of 10. Two other critical vulnerabilities (CVSS score of 9.9) were addressed with Hot News security notes for NetWeaver. These include CVE-2021-38163, an unrestricted file…
Cisco Discloses Details of macOS SMB Vulnerabilities
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…
BIND Vulnerabilities Expose DNS Servers to Remote Attacks
Three new security advisories have been published, including two that cover high-severity vulnerabilities that can be exploited remotely. The advisories describing the vulnerabilities were made public on April 28, but some organizations were privately notified in advance. The most serious of the flaws — based on its CVSS score of 8.1 — is CVE-2021-25216, a…
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
A ransomware attack last fall cost Universal Health Services $67 million in pre-tax losses, the healthcare provider confirmed in an earnings report released today. Referring to it as an “information technology security incident,” UHS officials said the cyberattack forced the organization to suspend user access to several information technology applications in the US during the…
Critical Vulnerability Patched in SAP Commerce Product
Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory. The vulnerability impacts SAP Commerce if the rule engine extension is installed. Meant to define and execute rules to manage decision-making scenarios, the rule engine uses a ruleContent attribute offering…
SAP Releases August 2020 Security Updates
The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Tracked as CVE-2020-6284 and featuring Hot News priority, the issue has a CVSS score of 9. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to…
CrowdStrike Fails In Bid To Stop NSS Labs From Publishing Test Results At RSA
A security vendor’s failed attempt to prevent a report containing details on its product’s capabilities from being released at the RSA conference in San Francisco this week has focused attention on the need for more widely accepted testing and validation services for security technologies. The report is from NSS Labs, a company that bills itself…