Two more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. The latest victims are Singapore telecom company Singtel and Australian medical research institute QIMR Berghofer.
Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash. It's urging customers to shift to updated versions of the software that fix the flaws.
The latest edition of the ISMG Security Report features an analysis of the critical security issues raised by the hacking of a Florida city water treatment plant. Also featured: The CISO of the World Health Organization discusses supply chain security; hackers steal celebrities' cryptocurrency.
Microsoft has finally pushed out the second half of the software patch for the "Zerologon" privilege escalation vulnerability in the Windows Netlogon Remote Protocol more than five months after the first half of the patch was issued.
SonicWall has confirmed that a zero-day vulnerability is affecting its Secure Mobile Access, or SMA, gateway product line, and the company is developing a patch to address the issue. Researchers say they have found exploits for the vulnerability circulating in the wild.
While many details about the SolarWinds Orion hack and full victim list remain unknown, experts have ascribed the apparent espionage campaign to Russia. Now, however, Reuters reports that a separate group of Chinese hackers was also exploiting SolarWinds vulnerabilities to hack targets.
Several data breaches stemming from unpatched vulnerabilities in Accellion's File Transfer Appliance have been revealed. What went wrong? Where does the fault lie? And what can organizations do about it?
A data breach of a Washington state auditor's system exposed 1.4 million unemployment claimants’ records. The breach stemmed from an exploit of an unpatched system from Accellion, and the state says it was never notified of the flaw. But Accellion says it notified customers and offered a patch in December.
Up to 30% of the organizations hit as part of the cyberespionage campaign waged by the hackers responsible for the SolarWinds supply chain attack did not use the company’s compromised software, says Brandon Wales, acting director of CISA. These victims were targeted in a variety of other ways, he says.
A recently discovered 10-year-old bug, if exploited, could give hackers root access to vulnerable Linux and Unix operating systems, according to Qualys. Security experts are urging users to immediately implement a patch to mitigate the risk.
More breach victims are emerging as a result of exploits of an unpatched vulnerability in an aging file transfer application from Accellion. The latest announcement comes from the Australian Securities and Investments Commission, which says recent credit license applications were accessed.
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.