A newly discovered Golang-based malware is using over 30 exploits in attacks, potentially putting millions of routers and Internet of Things (IoT) at risk of malware infection, according to a warning from AT&T Alien Labs. Dubbed BotenaGo, the threat deploys a backdoor on the compromised device, and then waits for commands – either from a ..
Tag : NEWS&INDUSTRY
Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks. The company released multiple security bulletins to warn of the risks and called special attention to a pair of “high-risk” bugs affecting its on-prem meeting connector software and the popular Keybase Client. ..
A researcher has discovered that a Windows vulnerability for which Microsoft released an incomplete patch in August is more serious than initially believed. Tracked as CVE-2021-34484, the bug is described by Microsoft as a Windows User Profile Service elevation of privilege, and requires local, authenticated access for exploitation. All versions of Windows, including Windows Server, ..
Hewlett Packard Enterprise (HPE) has confirmed that a small amount of customer data was compromised in a data breach involving its subsidiary Aruba Networks. The incident, HPE says, was discovered on November 2, and involved the use of an access key to gain unauthorized access to “a limited subset of information held in the Aruba ..
Google and Adobe this week announced the availability of new open source security tools, for continuous fuzzing and detecting living-off-the-land attacks. Google releases ClusterFuzzLite Google announced the open source release of ClusterFuzzLite, which it described as a ClusterFuzz-based continuous fuzzing solution that runs as part of continuous integration (CI) workflows in an effort to help ..
Google on Thursday shared details about a recent attack that exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. According to Google, the attack, discovered in late August, was likely conducted by a well-resourced state-sponsored threat group which, based on the quality of their code, had access to their own ..
British Foreign Secretary Liz Truss met with Indonesian officials on Thursday and discussed closer cooperation in future technologies, cybersecurity and economic relations as part of British efforts to deepen ties to Southeast Asia after leaving the European Union. Truss said she and Foreign Minister Retno Marsudi discussed a roadmap for closer cooperation. “We need to ..
Cyber Insurance is a work in progress, with many existing customers effectively guinea pigs The basic problem for the cyber insurance industry is easy to state but hard to solve. Income (premiums) must exceed outgoings (claims) by around 30% (operating costs + profit). If claims increase, so must premiums for the insurance model to remain ..
United States Vice President Kamala Harris on Wednesday formally announced support for the Paris Call for Trust and Security in Cyberspace, an international collaborative initiative aimed at advancing cybersecurity. Issued in 2018, the Paris Call details nine principles to improve stability in cyberspace through global collaboration, and has been already signed by 79 countries. The ..
An 18-month research project has resulted in the discovery of nearly 100 vulnerabilities across more than a dozen TCP/IP stacks. The research, named Project Memoria, was conducted by enterprise device security firm Forescout in collaboration with others. It resulted in the discovery of the vulnerabilities tracked as Ripple20, AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT, and NUCLEUS:13. TCP/IP ..