Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009. Hundreds of millions of Dell laptops, notebooks, and tablets are at risk of compromise from a set of five high-severity flaws that have been undetected since at least 2009. The flaws allow an attacker who already has…
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities. I agree that my submitted data is being collected and stored. For further details on handling user data, see our ….
The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named ’21Nails,’ the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be…
Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management Steve Yurich, CISO of Penn National Insurance, on the Need for Frequent Scanning Suparna Goswami (gsuparna) • May 3, 2021 Steve Yurich, CISO at Penn National Insurance Effective vulnerability management requires more frequent scanning of infrastructure, says Steve…
Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April. Despite being the least severe…
In the past week the Australian government’s language on China has hardened. Defence Minister Peter Dutton has said a war over Taiwan could not be discounted, that Australia was “already under attack” in the cyber domain and that he wants to have a “more frank discussion with the public” about China’s intentions. Mr Dutton said…
Governance & Risk Management , IT Risk Management , Patch Management Permanent Fix Replaces Earlier Workaround Scott Ferguson (Ferguson_Writes) • May 3, 2021 Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies,…
Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack | IT Security News 4. May 2021 Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors.Tracked as CVE-2021-22893 (CVSS score…
Defense DOD expands bug bounty program to public networks, systems By Lauren C. Williams May 04, 2021 White hat hackers will get even more opportunities to poke around the Defense Department for vulnerabilities now that it has expanded its bug bounty program to include all of its publicly available information systems. The…
Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management Proofpoint: New Code Makes ‘RustyBuer’ Version Harder to Detect Doug Olenick (DougOlenick) • May 3, 2021 A malicious attachment containing RustyBuer malware (Source: Proofpoint) Attackers are using a freshly updated variant of the Buer first-stage malware loader rewritten in the…
