News

Four major security vulnerabilities were discovered in the BIOSConnect feature of Dell SupportAssist. The Dell SupportAssist vulnerabilities were allowing attackers to remotely execute code within the BIOS of impacted devices. The SupportAssist software is preinstalled on most Dell devices running Windows operating system, while BIOSConnect provides remote firmware update and OS recovery features. The chain of flaws that…

A hacking group believed to be responsible for the SolarWinds breaches used access to Microsoft’s support tools via a compromised customer service agent’s computer, a breach that enabled the hackers to perform further hacks against Microsoft’s customers. Disclosed on Friday via a blog post, Microsoft confirmed its investigation into the Nobelium hacking group found “information-stealing…

Application Security , Biometrics , Encryption & Key Management Microsoft Promises Better ‘Zero Trust’ Capability, Passwordless Access Doug Olenick (DougOlenick) • June 25, 2021     Microsoft’s upcoming Windows 11 operating system will have new security capabilities and a new look. (Source: Microsoft) Security specialists are offering preliminary feedback on Microsoft’s sneak peek at the…

Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management Agency Offering $1 Million Rewards for Information on 2 Ukrainian Suspects Scott Ferguson (Ferguson_Writes) • June 25, 2021     The U.S. Secret Service Most Wanted Fugitives list The U.S. Secret Service has published a Most Wanted Fugitives list featuring 10 suspects wanted in connection…

3rd Party Risk Management , Application Security , Breach Notification Company Says Russian-Linked Group Targeted Its Customer Support System Scott Ferguson (Ferguson_Writes) • June 26, 2021     Photo: Microsoft The Russian-linked cyberespionage group behind the supply-chain attack against SolarWinds recently targeted Microsoft‘s customer support system as part of a new campaign, the company disclosed…

Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime New JSSLoader Variant is Being Spread by TA543 Group Akshaya Asokan (asokan_akshaya) • June 26, 2021     A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign,…

SAN FRANCISCO, June 25 (Reuters) – Microsoft (MSFT.O) said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for…

The Kremlin has expressed disappointment over the failure of European Union leaders to agree on a proposal by France and Germany to hold an EU-Russia summit with President Vladimir Putin. At late-night talks in Brussels, the proposal faced fierce resistance from member states — especially in Eastern Europe — over concerns that holding such a…

Ubuntu Security Notice 5001-1 – Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in…

Application Security , Biometrics , Encryption & Key Management Microsoft Promises Better ‘Zero Trust’ Capability, Passwordless Access Doug Olenick (DougOlenick) • June 25, 2021     Microsoft’s upcoming Windows 11 operating system will have new security capabilities and a new look. (Source: Microsoft) Security specialists are offering preliminary feedback on Microsoft’s sneak peek at the…