September 2021

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart switches that could be exploited by an attacker to potentially execute malicious code and take […]

The post Expert discloses details and PoC code for Netgear Seventh Inferno bug appeared first on Security Affairs.

Read More Expert discloses details and PoC code for Netgear Seventh Inferno bug

Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids. We’d love questions and topics in advance or just drop in on

Read More Weekly Update 261

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. […]

The post CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data appeared first on Security Affairs.

Read More CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet starts exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed them. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management […]

The post Experts warn that Mirai Botnet starts exploiting OMIGOD flaw appeared first on Security Affairs.

Read More Experts warn that Mirai Botnet starts exploiting OMIGOD flaw

A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP. According to a spokesman for the organization, the attack took place at the end of August and […]

The post German Election body hit by a cyber attack appeared first on Security Affairs.

Read More German Election body hit by a cyber attack

This episode reports on Microsoft extending passwordless access for home users, a report on open source code vulnerabilities and how a company was hit by a years-long attack

The post Cyber Security Today, Sept. 17, 2021 – Microsoft extends passwordless access, a warning to software developers and how an attack started with a compromised website. first appeared on IT World Canada.

Read More Cyber Security Today, Sept. 17, 2021 – Microsoft extends passwordless access, a warning to software developers and how an attack started with a compromised website.

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems.  The malware spread through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […]

The post New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems appeared first on Security Affairs.

Read More New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Lawmakers call on Facebook to drop the “Instagram for Kids” plan, thousands protest El Salvador’s adoption of Bitcoin as legal tender and Uber Canada helps voters get to the polls this election. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Friday, September 17, and I’m your host, Tom Li. […]

The post Hashtag Trending Sept. 17 – Instagram for Kids criticism; El Salvador bitcoin protests; Uber Canada’s election discount first appeared on IT World Canada.

Read More Hashtag Trending Sept. 17 – Instagram for Kids criticism; El Salvador bitcoin protests; Uber Canada’s election discount

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux […]

The post A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection appeared first on Security Affairs.

Read More A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Safe Systems released CloudInsight M365 Security Basics, which provides financial institutions visibility into their security settings for Azure Active Directory and O365/M365 tenants. Digital security will continue to be a growing concern for modern f…

Read More Safe Systems CloudInsight M365 Security Basics provides visibility into Microsoft security settings

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

Read More Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

DDN and Tintri announced the IntelliFlash N6000 series. This next-generation NVMe-based system optimizes the user experience across all workloads, eliminating IO contention and enhancing IT efficiencies with autonomous AI-driven operations. DDN and Tin…

Read More DDN and Tintri announces IntelliFlash N6000 series to enhance latency and throughput for file services

The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, announced an Equipment Vendor Program to help reduce the most common threats to the Internet’s routing system. Founding participants in this new MANRS…

Read More Internet Society introduces MANRS initiative to improve the resilience and security of the routing infrastructure

The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn of state-sponsored attacks that are actively exploiting CVE-2021-40539 Zoho flaw. The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn that nation-state APT groups are actively exploiting a critical vulnerability, tracked as CVE-2021-40539, in the Zoho ManageEngine ADSelfService Plus software. ManageEngine ADSelfService Plus […]

The post FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug appeared first on Security Affairs.

Read More FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug

The concept of a fourth industrial revolution was first introduced a decade ago as “Industry 4.0” by scientists developing a high-tech strategy for the German government. This concept has since gone global, and most would agree we are entering a new era featuring many exciting advances in areas like AI, nanotech and robotics. But making […]

The post It’s time to harness AI for business impacts first appeared on IT World Canada.

Read More It’s time to harness AI for business impacts

Apple announced its latest additions to its iPhone lineup, as well as a new iPad mini, at its “California Streaming” event on Tuesday. Both devices will be powered by Apple’s new A15 Bionic processor. Macworld executive editor Michael Simon and Comp…

Read More Podcast: Apple introduces the A15-powered iPhone 13, plus iOS 14.8 patches Pegasus spyware flaw

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]

The post Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug appeared first on Security Affairs.

Read More Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

In a world that has hit the digital fast track, the industrial sector is looking to connected and autonomous machines to help them perform better, produce more, and reduce costs. Earlier assumptions about job loss and disruption seem to have flown out the window as decision-makers in this sector see the many and varied benefits […]

The post A new world of connected and autonomous heavy equipment first appeared on IT World Canada.

Read More A new world of connected and autonomous heavy equipment