Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation state-based threat actors. An advisory from Qualys documents…
All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was three years ago. A paper published on Friday by a team of computer scientists from the University of….
Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn’t always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a platform called BeVigil where individuals can search and check…
Security Researcher Released PoC Exploit for High-severity Vulnerability in Microsoft Exchange | IT Security News 4. May 2021 Last week, security specialist Nguyen Jang has released technical information and proof-of-concept exploit (PoC) code for the severe flaw CVE-2021-28482 in Microsoft Exchange Server that could be used by hackers to perform code on vulnerable systems. The…
The Bill and Melinda Gates Foundation is likely to continue as now despite the couple announcing their divorce after 27 years of marriage, Dr Beth Breeze, director of the Centre for Philanthropy, at Kent University, said. “They have got a 21-year history in their foundation of giving sums larger than anyone has given historically, working…
New Pingback Malware Using ICMP Tunneling to Evade C&C Detection | IT Security News 4. May 2021 Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems.Called ‘Pingback,’ the Windows malware leverages Internet Control…
The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. According to a statement put out by the ACS on Saturday, the court’s website had been taken offline and the ability to search court cases had…
Fraud Management & Cybercrime , Fraud Risk Management , Incident & Breach Response Faster Detection Is Good News, But More Speed Still Needed, Mandiant Reports Mathew J. Schwartz (euroinfosec) • May 3, 2021 Source: FireEye Mandiant “Dwell time,” which refers to how long hackers hang out in an organization’s network before being discovered,…
Artificial intelligence (AI) researcher, Joy Buolamwini, has spent the last four years raising awareness of the social implications and possible harm of the technology. Inspired by her own experiences of facial recognition tech she founded the Algorithmic Justice League and recently became the star of the Netflix documentary Coded Bias. BBC Click’s Spencer Kelly finds…
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns “multiple use after free” issues in Pulse Connect Secure that could…
