Tuesday, August 3, 2021
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” read more
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...
SecurityWeek

Finite State Raises $30 Million in Series B Funding

Connected device security provider Finite State on Monday announced that it has raised $30 million in Series B funding. To date, the company has raised $49.5 million. The funding round was led by Energize Ventures. Merlin Ventures and Schneider Electric...
SecurityWeek

Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software

Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices. FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics...
SecurityWeek

DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos

Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27). read...
SecurityWeek

Potential RCE Flaw Patched in PyPI’s GitHub Repository

A vulnerability in the GitHub Actions workflow for PyPI’s source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher. read more
SecurityWeek

OT Security Firm Nozomi Networks Raises $100 Million

Nozomi Networks, a provider of operational technology (OT) and internet of things (IoT) cybersecurity solutions, said Monday that it has raised $100 million in Series D pre-IPO-funding round. read more
SecurityWeek

Chipotle's Email Marketing Account Hacked to Spread Malware

Nobelium-style Phishing Tactics Used to Spread Malware read more
SecurityWeek

Cybersecurity M&A Roundup: 38 Deals Announced in July 2021

Nearly 40 cybersecurity-related mergers and acquisitions were announced in July 2021. read more
SecurityWeek

Cisco, Sonatype and Others Join Open Source Security Foundation

The Open Source Security Foundation (OpenSSF), the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft,...
SecurityWeek

Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy

Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU's data protection rules, the online retail giant said Friday. read more
SecurityWeek

NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public

The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings. read...
SecurityWeek

Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals

Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis. read more
SecurityWeek

Zoom to Settle US Privacy Lawsuit for $85 Mn

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for...
SecurityWeek

Justice Department Says Russians Hacked Federal Prosecutors

The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said. read more
SecurityWeek

Android Banking Trojan 'Vultur' Abusing Accessibility Services

A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays for the capturing of login credentials, according to security researchers at ThreatFabric. read more
SecurityWeek

Russia's APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying

The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments. read more
SecurityWeek

New Chinese Threat Group 'GhostEmperor' Targets Governments, Telecom Firms

A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals. Tracked as GhostEmperor, the long-running operation focuses on targets in Southeast Asia and uses a formerly unknown Windows kernel-mode rootkit. read...
SecurityWeek

Window of Exposure is Expanding and Hackers Know Exactly Where to Strike

For the last 15 years, researchers have produced an annual State of Application Security report. But in the last 18 pandemic driven months, they told SecurityWeek, “the world has turned on its head.” Both application development and use, and...
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” read more
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...