SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5
SAP, a German software maker, has announced the release of nine new security notes. The security patches were released as part of the company’s November Security Patch day, which includes fixes for two critical bugs. The critical flaws lie in BusinessObjects and SAPUI5. Additionally, the company released updates to two
Allies Warn of Iranian Ransom Attacks Using Log4Shell
Cybersecurity agencies in the US, UK, Australia, and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. The alert was published earlier this week and claims that the Islamic Revolutionary Guard Corps (IRGC) was responsible for multiple attacks that leveraged the VMware
CISA Expands Vulnerabilities Catalog With Old, Exploited Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added six previously identified flaws to its Known Exploited Vulnerabilities Catalog. The addition was made last week, and the vulnerabilities are a frequent attack vector for threat actors, the agency stated. CISA also noted that the flaws, although old, pose
Pentagon finds concerning vulnerabilities on blockchain
A report commissioned by the Pentagon concluded that the blockchain is not decentralized, is vulnerable to attacks and is running outdated software. The report, “Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers”, uncovered that a subset of participants can “exert excessive and centralized control over the entire blockchain system.” The findings
56 Vulnerabilities Discovered in OT Products From 10 Different Vendors
Multiple sources have confirmed the discovery of a total of 56 vulnerabilities in OT products from 10 vendors, including popular companies Honeywell, Siemens, and Emerson. According to security researchers, most of the vulnerabilities are due to a lack of basic security mechanisms such as authentication and encryption. In addition, researchers
U.S. Cybersecurity Agency ‘Strongly Urges’ You Patch These 75 Actively Exploited Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has added 75 security vulnerabilities that pose a significant risk to its list of flaws that should be patched immediately. All of the vulnerabilities are known to be actively exploited, heightening the risk of an attack. For organizations, there are risks of
Vulnerabilities found in Bluetooth Low Energy give hackers access to numerous devices
Cybersecurity researchers at NCC Group have found a critical flaw in Bluetooth Low Energy (BLE) receivers. The flaw may grant cyber criminals access to a range of devices, including phones, laptops, cars, and houses. NCC Group details how BLE uses proximity to authenticate that the user is within a close
Massive New Security Update For 3.2 Billion Chrome Users Confirmed
Google Chrome security has experienced a busy past few weeks and there is no sign of slowing down. Just days after two emergency fixes for vulnerabilities being exploited in the wild and a record number of Chromium zero-days across 2021 were announced, Google has released another massive security update that
Healthcare Org Hit By Two Ransomware Gangs At Once
Security experts at Sophos have reported a recent scenario in which two competing threat groups deployed ransomware on the victim’s network simultaneously. One of the groups was the Russia-linked Conti APT while the other is known as Karma. Karma counts Russian IP addresses among some of its top targets. The
Lack of Patching Leaves 300,000 Routers at Risk for Attack
Hundreds of thousands of routers produced by Latvian network hardware firm MikroTik are still vulnerable to at least one of four vulnerabilities that are over a year old. These vulnerabilities are most likely being used by attackers as their operational infrastructure. Approximately 94% of the 2 million routers deployed