Day: 19 July 2021

China’s New Law Requires Vendors to Report Zero-Day Bugs to Government

19 July 2021

The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect […]

Read More

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

19 July 2021

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own […]

Read More

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

19 July 2021

The Wi-Fi network name bug that was found to completely disable an iPhone’s networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, […]

Read More

Five Critical Password Security Rules Your Employees Are Ignoring

19 July 2021

According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. […]

Read More

New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally

19 July 2021

A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group’s Pegasus “military-grade spyware” to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed the “Pegasus Project,” the investigation is a collaboration by more than […]

Read More

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

19 July 2021

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. “Microsoft Windows allows for non-admin users to be able to install printer […]

Read More

Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability

19 July 2021

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks. “Microsoft Windows allows for non-admin users to be able to install printer […]

Read More