<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 6/25/2021

SHARE

Hacking

Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company's firewalls and other types of security appliances. In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. READ MORE...

Software Updates

Vulnerabilities Expose Fortinet Firewalls to Remote Attacks

A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands. The flaw can pose an even more serious risk if it's chained with a misconfiguration and another recently discovered security hole. The flaw, tracked as CVE-2021-22123, has been patched with the release of FortiWeb versions 6.3.8 and 6.2.4, Fortinet said in an advisory published in late May. READ MORE...


Preinstalled Firmware Updater Puts 128 Dell Models at Risk

A firmware-update utility that comes preinstalled on at least 128 models of Dell laptops, desktops, servers, and tablets has multiple vulnerabilities that could allow a privileged attacker to install rogue code over the network, the computer maker and security firm Eclypsium announced on Thursday. The four vulnerabilities affect an estimated 30 million devices that use the BIOSConnect functionality of Dell's support utility SupportAssist. READ MORE...

Information Security

Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang. Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby's and other U.S. corporations. Victims experienced "enormous" losses, according to the Justice Department, that by some estimates have exceeded $1 billion. READ MORE...


Cloud Database Exposes 800M+ WordPress Users' Records

A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet. Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost. The 814 million records he found were traced back to the firm's managed WordPress hosting business DreamPress and appeared to date back to 2018. READ MORE...

Exploits/Vulnerabilities

WD My Book NAS devices are being remotely wiped clean worldwide

Western Digital My Book NAS owners worldwide found that their devices have been mysteriously factory reset and all of their files deleted. WD My Book is a network-attached storage device that looks like a small vertical book that you can stand on your desk. The WD My Book Live app allows owners to access their files and manage their devices remotely, even if the NAS is behind a firewall or router. READ MORE...


Critical VMware Carbon Black Bug Allows Authentication Bypass

VMware has fixed an uber-severe bug in its Carbon Black App Control (AppC) management server: A server whose job is to lock down critical systems and servers so they don't get changed willy-nilly. AppC also ensures that organizations stay in continuous compliance with regulatory mandates. This is a bad one: VMware puts the flaw, CVE-2021-21998, in the critical severity range with a maximum CVSSv3 base score of 9.4 out of 10. READ MORE...

On This Date

  • ...in 1903, British novelist and journalist George Orwell ("1984", "Animal Farm") is born in Motihari, India.
  • ...in 1967, the Beatles record "All You Need Is Love" during the first worldwide, live television broadcast.
  • ...in 1981, Microsoft is incorporated as a business in Washington.
  • ...in 1984, Prince releases his most successful studio album, "Purple Rain."