Saturday, January 16, 2021
SecurityWeek

Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files.
SecurityWeek

Data Security Startup Qohash Raises $6 Million

Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.
SecurityWeek

Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability

Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability.
SecurityWeek

Facebook Takes Legal Action Against Data Scrapers

Facebook on Thursday announced that it took legal action against two individuals for scraping data from its website.
SecurityWeek

Malvuln Project Catalogues Vulnerabilities Found in Malware

A researcher has launched Malvuln, a project that catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.
SecurityWeek

NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS

The National Security Agency (NSA) on Wednesday published guidance for businesses on the adoption of an encrypted domain name system (DNS) protocol, specifically DNS over HTTPS.
SecurityWeek

Telegram-Based Automated Scam Service Helps Fraudsters Make Millions

More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB.
SecurityWeek

Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks

A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service (DoS) attacks.
SecurityWeek

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.
SecurityWeek

CISA Warns Organizations About Attacks on Cloud Services

In light of successful cyberattacks targeting organizations’ cloud services, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a series of recommendations on how businesses can improve their cloud security.
SecurityWeek

Capcom Says Personal Data of Thousands More Stolen in Ransomware Attack

Video game giant Capcom this week revealed that thousands more people than initially believed had their personal information stolen in a ransomware attack in November 2020.
SecurityWeek

Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways

Several vulnerabilities have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including flaws that researchers claim can be exploited to gain root access to a device and create backdoors.
SecurityWeek

Over 70 Vulnerabilities Will Remain Unpatched in Cisco EOL Routers

Cisco this week announced that it does not plan on addressing tens of vulnerabilities affecting some of its small business routers.
SecurityWeek

EU Court Opinion Leaves Facebook More Exposed Over Privacy

Any EU country can take legal action against companies like Facebook over cross-border violations of data privacy rules, not just the main regulator in charge of the company, a top court adviser said Wednesday.
SecurityWeek

New Zealand Central Bank Says Accellion Service at Heart of Cyberattack

The Reserve Bank of New Zealand – Te Pūtea Matua – says Accellion’s FTA (File Transfer Application) file sharing service was involved in a security incident disclosed on Sunday.
SecurityWeek

Official: Number of Victims of Russian Hack Likely to Grow

The number of federal agencies and private companies who learn that they have been affected by a massive Russian hack is expected to grow as the investigation into it continues, the U.S. government’s chief counterintelligence official said Tuesday.
SecurityWeek

IoT Security Firm Vdoo Expands Series B Funding to $57 Million

New Funding Will Help IoT Device Security Firm Support Demand from Telcos and Utilities
SecurityWeek

Tech Giants Hope for US Data Privacy Law

Google, Twitter and Amazon are hopeful that Joe Biden's incoming administration in the United States will enact a federal digital data law, senior company officials said at CES, the annual electronics and technology show.
SecurityWeek

Hackers Publish COVID-19 Vaccine Data Stolen From EU Medicines Agency

Hackers have started leaking documents related to COVID-19 medicine and vaccines that were stolen from the European Medicines Agency (EMA) in early December 2020.
SecurityWeek

SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale

Someone has set up a website named SolarLeaks where they are offering to sell gigabytes of files allegedly obtained as a result of the recently disclosed SolarWinds breach.
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

A little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.
SC Magazine

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...