Aggregator

SolarWinds Releases Advisory for Serv-U Vulnerability

2 weeks ago
Original release date: July 13, 2021

SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.

Microsoft has reported limited and targeted attacks using a 0-day exploit against this vulnerability.

CISA encourages users and administrators to review the SolarWinds advisory and install the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Valimail Amplify enables mailbox providers to display logos next to authenticated email messages

2 weeks ago

Valimail announces general availability of Amplify, giving clients the ability to display their logo alongside authenticated email messages. Furthermore, the company’s founding and involvement in the Brand Indicators for Message Identification (BIMI) standard enables Gmail, AOL, Yahoo Mail, Fastmail and other mailbox providers to display logos next to an email message, indicating it has been authenticated. The leader in zero-trust, anti-phishing solutions Chairs industry group and releases new product to establish BIMI. “The team at … More →

The post Valimail Amplify enables mailbox providers to display logos next to authenticated email messages appeared first on Help Net Security.

Industry News

Apache Releases Security Advisory for Tomcat

2 weeks ago
Original release date: July 13, 2021

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Gmail increases email security by adding support for BIMI

2 weeks ago

Organizations who deploy Domain-based Message Authentication, Reporting, and Conformance (DMARC) will, from now on, be able to increase Gmail recipients’ trust in the emails, newsletters, receipts and offers they send by automatically displaying the company’s logo. This effective indicator that these types of email communication are, indeed, coming from that specific legitimate source is made possible by Gmail’s added support for the Brand Indicators for Message Identification (BIMI) standard. About BIMI BIMI is an email … More →

The post Gmail increases email security by adding support for BIMI appeared first on Help Net Security.

Zeljka Zorz

SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)

2 weeks ago

SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers,” the company shared. Microsoft has also shared … More →

The post SolarWinds patches zero-day exploited in the wild (CVE-2021-35211) appeared first on Help Net Security.

Zeljka Zorz

Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779)

2 weeks ago

Researchers at Armis discovered an authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). Modicon M580 The vulnerability, dubbed ModiPwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series. Millions of these PLCs and are now deemed to be at risk in what is considered to be a widescale vulnerability. … More →

The post Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779) appeared first on Help Net Security.

Help Net Security

It takes more than MFA to beat human hacking

2 weeks ago

While multi-factor authentication (MFA) is a much-needed addition to an effective cyber defense strategy, it is by no means foolproof. In fact, no single security effort can ever be considered entirely effective when facing off against threat actors that use automation to evade detection and identify an enterprise’s weak points. Instead, organizations must view MFA as another layer of security that helps mitigate against the risk of potential compromise. With artificial intelligence (AI) and machine … More →

The post It takes more than MFA to beat human hacking appeared first on Help Net Security.

Industry News

How Microsoft is taking cloud-powered innovation beyond Earth with Azure Space

2 weeks ago

The space community is growing rapidly and Microsoft’s Space team is developing capabilities and services to meet its needs for extended connectivity across the world, simulated digital space environments, and ways for dealing with the huge amount of data generated from satellites. Stephen Kitay – the Former Deputy Assistant Secretary of Defense for Space Policy and now Senior Director at Microsoft Azure Space – shared with Help Net Security how the company is helping drive … More →

The post How Microsoft is taking cloud-powered innovation beyond Earth with Azure Space appeared first on Help Net Security.

Mirko Zorz

Addressing the cybersecurity skills gap: Where do we go from here?

2 weeks ago

There are an estimated 3.12 million cybersecurity jobs that need to be filled – more than double the current number of workers in this field. With this drastic gap, it is vital that businesses, students, and the industry make it a priority to work together to protect against cyberattacks. Looking back to inform the future The cybersecurity industry has always been at a disadvantage because security was not much of a consideration when information technology … More →

The post Addressing the cybersecurity skills gap: Where do we go from here? appeared first on Help Net Security.

Help Net Security

Critical RCE Flaw in ForgeRock Access Manager Under Active Attack

2 weeks ago
Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools,"
Ravie Lakshmanan

A more dynamic approach is needed to tackle today’s evolving cybersecurity threats

2 weeks ago

For decades, the cybersecurity industry has followed a defense-in-depth strategy, which allowed organizations to designate the battlefield against bad actors at their edge firewall. The shift to the cloud has slowly reduced the dependence on network isolation, as businesses move critical services such as email, helpdesks, and intellectual property from behind their firewall into areas covered by software-as-a-service providers. Cloud technology has become a key enabler of the remote working shift. When the pandemic hit, … More →

The post A more dynamic approach is needed to tackle today’s evolving cybersecurity threats appeared first on Help Net Security.

Help Net Security

Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites

2 weeks ago
Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims. The attack involves deceiving
Ravie Lakshmanan

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer