Monday, January 24, 2022

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Trickbot Injections Get Harder to Detect & Analyze

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...
TechRepublic

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US

Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Surge in Malicious QR Codes Sparks FBI Alert

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning that cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug

The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
TechRepublic

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.
SecurityWeek

Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack

New Jersey court delivers summary judgment against insurance company’s refusal to pay based on war exclusion clause

Hacktivists say they hacked Belarus rail system to stop Russian military buildup

Servicemen of Russia's Eastern Military District units attend a welcoming ceremony as they arrive in Belarus to take part in joint military exercises. Russia's military is combining its own...

Ransomware Operators Are Feeling the Heat

Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.
Infosecurity Magazine

IRS to Require New ID Verification

American taxpayers will soon be required to sign up with an identity verification company to access their Internal Revenue Service (IRS) accounts online. Currently, those with an online account at IRS.gov online can log in using only their...
Infosecurity Magazine

SBA Announces $3m Cybersecurity Program

The United States Small Business Administration (SBA) has launched a program to help the country’s emerging small businesses to improve their cybersecurity infrastructure. SBA administrator Isabella Casillas Guzman, who heads the SBA, announced the new Cybersecurity for Small...
SecurityWeek

Microsoft Restricts Excel 4.0 Macros by Default

Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default.
SecurityWeek

Facebook Trumpets Massive New Supercomputer

Facebook's parent company Meta announced on Monday it was launching one of the world's most powerful supercomputers to boost its capacity to process data, despite persistent disputes over privacy and disinformation.