2021, Data, Information Security and Security - Information Management Today

2021

Data

Information Security

Security

Google addresses a high severity flaw in V8 engine in Chrome

Security Affairs

APRIL 28, 2021

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227 , in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser.

Cybersecurity

Cybersecurity Security IT Information Security

Google addressed 3 actively exploited flaws in Android

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin. .

Libraries

Libraries Security Access IT

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

OpenWRT forum hacked, intruders stole user data

Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWRT forum was compromised during the weekend and user data were stolen by intruders. The administrators of the forum disclosed the data breach with an announcement published on the forum.

Data breaches

Data breaches Passwords Phishing Authentication

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. “Some telemetry data is shown below. 2021-12-22 18:38:18 2021-12-23 11:33:58.

Manufacturing

Manufacturing File names Archiving Encryption

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.” Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. — Matthew Prince (@eastdakota) December 11, 2021.

Mining

Mining Honeypots Libraries IT

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Security Affairs

OCTOBER 6, 2023

This vulnerability was introduced in April 2021.” ” Multiple security researchers have already developed their own proof-of-concept exploits for this flaw. ” Below is the disclosure timeline: 2023-09-04: Advisory and exploit sent to secalert@redhat. ” concludes the report.

Libraries

Libraries Risk Security IT

Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93

Security Affairs

SEPTEMBER 2, 2021

Google announced the release of Chrome 93 that addresses 27 security vulnerabilities, 19 issues were reported through its bug bounty program. The three remaining high-severity use-after-free issues were respectively tracked as CVE-2021-30607, CVE-2021-30608, and CVE-2021-30609. The Use after free in Extensions API.

Security

Security IT Information Security

The power and responsibility of 5G

Thales Cloud Protection & Licensing

APRIL 29, 2021

Thu, 04/29/2021 - 08:33. There is, however a seriousness consideration to this new technology; data security. Where should data security be assigned? Who should hold the responsibility of ensuring the data is secure? The power and responsibility of 5G. Billion people on the planet right now.

Cloud

Cloud IoT Information Security Data breaches

Dirty Pipe Linux flaw allows gaining root privileges on major distros

Security Affairs

MARCH 7, 2022

Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. The post Dirty Pipe Linux flaw allows gaining root privileges on major distros appeared first on Security Affairs. The vulnerability affects Linux Kernel 5.8

Passwords

Passwords Access Security IT

CryptoAgility to take advantage of Quantum Computing

Thales Cloud Protection & Licensing

MAY 4, 2021

Tue, 05/04/2021 - 09:40. The same goes with the advent of Quantum Computing , which is supposed to bring exponential computing power that shall not only bring endless benefits but also raises question marks on the current state of cryptography that is the bedrock of all information security as we know today.

Computer and Electronics

Computer and Electronics IoT Communications Risk

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The group keeps updating its toolset to evade security mechanisms.” ” reads t he analysis published by Malwarebytes.

Metadata

Metadata Phishing Communications Ransomware

Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor

Security Affairs

FEBRUARY 4, 2022

Researchers from cybersecurity company Volexity uncovered a cyber espionage spear-phishing campaign, tracked as EmailThief , that has been active at least since December 2021. The post Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor appeared first on Security Affairs. ” concludes the report.

Phishing

Phishing Cybersecurity Access Security

Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto

Security Affairs

APRIL 15, 2021

The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

e-Discovery

e-Discovery IT Marketing Security

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

Figure 1 shows two email templates distributing QakBot in Portugal in early May 2021. Figure 1: Email template of QakBot malware targeting Portuguese Internet end users – May 2021. xlsm MD5 : f86c6670822acb89df1eddb582cf0e90 Creation time: 2021-04-29 22:18:33. h/t @MiguelSantareno – malware submitted on 0xSI_f33d.

Encryption

Encryption Libraries Ransomware IT

The Road to Zero Trust

Thales Cloud Protection & Licensing

APRIL 21, 2021

Thu, 04/22/2021 - 06:36. The information technology landscape is evolving at a feverish pace. But behind the scenes, this emergence of often untrusted devices (BYOD) and an increased adoption of unsanctioned applications (a trend called “Shadow IT”) has led to security nightmares for IT departments.

Risk

Risk Cloud Digital transformation Encryption

Google addresses a high severity flaw in V8 engine in Chrome

Google addressed 3 actively exploited flaws in Android

Trending Sources

OpenWRT forum hacked, intruders stole user data

New RedLine malware version distributed as fake Omicron stat counter

Log4Shell was in the wild at least nine days before public disclosure

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93

The power and responsibility of 5G

Dirty Pipe Linux flaw allows gaining root privileges on major distros

CryptoAgility to take advantage of Quantum Computing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor

Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto

A taste of the latest release of QakBot

The Road to Zero Trust

Stay Connected