News

Application Security , Governance & Risk Management , Next-Generation Technologies & Secure Development None Are Rated Critical, But Analysts Say Patching Each Is Important Doug Olenick (DougOlenick) • June 9, 2021     Microsoft’s June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that…

Summary: A potential security vulnerability in the Intel® Server Platform Services (SPS) may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-0051 Description: Improper input validation in the Intel(R) SPS versions before SPS_E5_04.

Critical Infrastructure Security , Cybercrime , Cybercrime as-a-service Company’s IT Team Was Unaware the VPN Exploited to Gain Entry Existed Doug Olenick (DougOlenick) • June 8, 2021     Colonial Pipeline Co. CEO Joseph Blount testifying on Tuesday before the Senate Homeland Security and Governmental Affairs Committee Colonial Pipeline Co. CEO Joseph Blount defended his…

A reverse engineer has discovered what is claimed to be “the first known malware targeting Windows containers to compromise cloud environments,” a sentence to put any system administrator on edge. Building on work published in December of last year on reverse-engineering Windows containers, security researcher Daniel Prizmant’s latest discovery – made during his day job…

Application Security , Critical Infrastructure Security , Cybercrime Security Agency Will Use Bugcrowd, EnDyna for Platform Scott Ferguson (Ferguson_Writes) • June 8, 2021     The U.S. Cybersecurity and Infrastructure Security Agency is preparing to expand its vulnerability research and disclosure program, which is now mandatory for nearly all executive branch agencies within the federal…

Cybercrime , Fraud Management & Cybercrime , Network Detection & Response ExtraHop’s Executive Suite Will Retain Its Roles Doug Olenick (DougOlenick) • June 9, 2021     ExtraHop announced Tuesday it has entered into a definitive agreement to be acquired by the private equity firms Bain Capital Private Equity and Crosspoint Capital Partners for $900…

United States trucks and military vehicles maker Navistar International Corporation has confirmed a cyberattack that resulted in some data being stolen. On Monday, in a Form 8-K filing with the Securities and Exchange Commission (SEC), Navistar said it learned of a credible potential cybersecurity threat to its information technology system on May 20, 2021. Navistar…

An early clue that something was amiss with the computers at New York City’s Law Department — the 1,000-lawyer agency that represents the city in court — emerged on Monday when a lawyer for the department wrote to a federal judge in Manhattan, asking for a short delay in filing court papers because of “connectivity”…

Today is Microsoft’s Jube 2021 Patch Tuesday, in which Microsoft had fixed Six Zero-day vulnerabilities which you should apply. In total Microsoft patched 50 vulnerabilities in this June update, among which five are noted as critical and the rest 45 are marked as important.  The six actively exploited zero-day vulnerabilities are: CVE-2021-31955 – Windows Kernel…