Day: 19 July 2021
China’s New Law Requires Vendors to Report Zero-Day Bugs to Government
19 July 2021The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect […]
Read More
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
19 July 2021A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own […]
Read More
Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
19 July 2021The Wi-Fi network name bug that was found to completely disable an iPhone’s networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, […]
Read More
Five Critical Password Security Rules Your Employees Are Ignoring
19 July 2021According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. […]
Read More
New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally
19 July 2021A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group’s Pegasus “military-grade spyware” to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed the “Pegasus Project,” the investigation is a collaboration by more than […]
Read More
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
19 July 2021Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. “Microsoft Windows allows for non-admin users to be able to install printer […]
Read More
Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability
19 July 2021Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks. “Microsoft Windows allows for non-admin users to be able to install printer […]
Read More