Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, … [Read more...] about SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
Critical
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management … [Read more...] about Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper … [Read more...] about Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices
A Critical Random Number Generator Flaw Affects Billions of IoT Devices
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," … [Read more...] about A Critical Random Number Generator Flaw Affects Billions of IoT Devices
India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks
Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo's web application that allows … [Read more...] about India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks
The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control
Chief Information Security Officers (CISOs) across the Global 2000 and Fortune 1000 are obsessed with protecting the workforce endpoints as critical vulnerabilities in the cybersecurity and risk management posture of their enterprises. CISOs focus on cybersecurity controls that operate mostly transparently and are focused on mitigating the potential risks to the computing … [Read more...] about The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control
Preparing for Critical Infrastructure Changes in Australia
In light of the recent May 2021 Federal Budget, which puts focus on Cybersecurity, the Australian Government’s increased emphasis on protecting critical infrastructure from cyberattacks is an important step in strengthening our ability to defend the Australian economy and society at large. The Australian Government’s Security Legislation Amendment (Critical Infrastructure) Bill … [Read more...] about Preparing for Critical Infrastructure Changes in Australia
5 Critical Steps to Recovering From a Ransomware Attack
Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack … [Read more...] about 5 Critical Steps to Recovering From a Ransomware Attack
10 Critical Flaws Found in CODESYS Industrial Automation Software
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from … [Read more...] about 10 Critical Flaws Found in CODESYS Industrial Automation Software
Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux
A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were … [Read more...] about Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux