Wednesday, April 21, 2021
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
The Register

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way

Crucial flaw won't be fixed until next month Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...
SecurityWeek

Google Chrome Hit in Another Mysterious Zero-Day Attack

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. read more

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
Brian Krebs

Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. — a $4 billion technology goliath whose analyst reports can move markets and...
SC Magazine

Hackers exploit unpatched vulnerabilities, zero day to attack governments and contractors

While the cybersecurity community pumps out a seemingly unending list of newly discovered software and hardware vulnerabilities each day, many organizations are far more likely to be compromised in part or in whole by older flaws that have yet...
SecurityWeek

Pulse Secure Zero-Day Flaw Actively Exploited in Attacks

Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month. read more

Foreign Spies Target British Nationals With Fake Social Media Profiles

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.
FireEye

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction to obtain administrative access and code execution...

Attackers Compromised Code-Checking Vendor's Tool for Two Months

A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from...

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
SecureMac

What is Google’s FLoC (and does it harm privacy)?

What is Google’s FLoC? In this article, we'll explain what FLoC is, why it may be a privacy threat, and how to check for it in your browser. The post What is Google’s FLoC (and does it harm privacy)? appeared...
SC Magazine

Foreign threat actors used fake LinkedIn profiles to lure 10,000 UK nationals

Some 10,000 U.K. nationals have been lured on LinkedIn over the past five years by fake profiles tied to hostile nation-state threat actors The story was first reported by BBC, which attributed the news to MI5, the British spy agency...

Dating Service Suffers Data Breach

Dating Service Suffers Data BreachMen's social networking website and online dating application Manhunt has suffered a data breach.  According to a security notice filed with the office of the Washington attorney general on April 1, the 20-year-old site was compromised in a cyber-attack that...
The Register

Would be so cool if everyone normalized these pesky data leaks, says data-leaking Facebook in leaked memo

Blundering mouthpiece sent arrogant line to journalist by accident Facebook wants you to believe that the scraping of 533 million people’s personal data from its platform, and the dumping of that data online by nefarious people, is something to...
SecurityWeek

Passwordless Authentication Firm HYPR Raises $35 Million

HYPR, a company that provides cloud-based passwordless authentication platform, has raised $35 million in a Series C financing, doubling the company’s total funding to more than $70 million.  read more
Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021

On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory , that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA...
CERT

VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR...
CERT

VU#213092: Pulse Connect Secure vulnerable to authentication bypass that could allow for remote code execution

Overview Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker...