The White House Is Deciding Whether to Support a Bureau of Cyber Statistics
A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails. Tracked as CVE-2021-33766 and referred to as ProxyToken, the vulnerability has a severity rating of medium (CVSS score of 6.5). The security hole was identified by Le Xuan…
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \evil.com/path. This vulnerability is only exploitable if an…
China’s cyberspace watchdog said on Monday it is investigating online recruiter Zhipin, and truck-hailing apps Huochebang and Yunmanman, ramping up a crackdown on the mainland’s tech companies amid tightened regulations on data security. The announcement comes a day after the Cyberspace Administration of China (CAC) ordered a suspension of app downloads for Chinese ride-hailing giant…
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a “sophisticated second-stage backdoor,” as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor’s tactics and techniques. Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of…
Italy announced the creation of the national cybersecurity agency, a move aimed at increasing the level of cyber security of its infrastructure. The Italian government has announced the creation of a new agency focused on cybersecurity. Prime Minister Mario Draghi expressed his strong commitment to the creation of the agency that is tasked to protect…
Written by Tim Starks, Jun 29, 2021 | CYBERSCOOP. A ransomware group that targets billion-dollar companies — but that has stubbornly defied attribution consensus among cybersecurity researchers — has claimed at least seven victims since its discovery late last year. What’s more, it has taken additional steps in an apparent bid to baffle investigators who…