SecurityWeek
Chipmaker Intel Corp. Blames Internal Error on Data Leak
The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report early. It said its corporate network was not compromised.
SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws
Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.
Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP
Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.
Biden Orders Intel Agencies to Provide Full Assessment of SolarWinds Hack
Just says into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government agencies and businesses.
Intel's Early Earnings Release Triggered by Hack
U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020.
Sophos: Crypto-Jacking Campaign Linked to Iranian Company
An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos.
QNAP Warns NAS Users of 'dovecat' Malware Attacks
QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.”
Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks
Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week.
Enterprise Credentials Publicly Exposed by Cybercriminals
Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.
Drupal Updates Patch Another Vulnerability Related to Archive Files
Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.
Multi-Cloud Network Security Provider Valtix Raises $12.5 Million
Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding.
Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers
Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC).
Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products
Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS).
Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover
Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.
Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw
A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020.
'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users
A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection.
In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track
Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders
Snort 3 Becomes Generally Available
Snort 3 was officially released on Tuesday and users have been advised to switch to Snort 3 from any previous version of the popular intrusion prevention and intrusion detection system (IPS/IDS).
Oracle's January 2021 CPU Contains 329 New Security Patches
Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.
Ransomware Took Heavy Toll on US in 2020: Researchers
Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report.