SecurityWeek

As our world becomes increasingly virtual, fast, and reliable network connections have never been more critical. Businesses and consumers alike expect a fully connected experience in all aspects of their lives and eagerly await 5G’s faster data speeds, lower latency, and increased connectivity.

A vulnerability affecting some of Schneider Electric’s Modicon programmable logic controllers (PLCs) can be exploited to bypass authentication mechanisms, allowing attackers to take complete control of the targeted device.

Government agencies in the United States and Australia warn organizations that a vulnerability affecting ForgeRock Access Management has been exploited in the wild.

Fashion retailer Guess last week confirmed that the personal data of some customers was compromised in a ransomware attack it suffered in February 2021.

Microsoft has flexed its muscles in the cybersecurity space, and will drop a reported $500 million in cash to acquire RiskIQ, a late stage startup in the threat intelligence and attack surface management business.

BIMI is an emerging email specification that enables the use of brand logos within supported email clients

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.”

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published the results of the Risk and Vulnerability Assessments (RVAs) it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations.

Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.

A look into recent cryptocurrency tracing and recovery operations by the FBI and UK’s Metropolitan Police

IT management solutions provider Kaseya has released patches for the vulnerabilities exploited in the recent ransomware attack, and the company has also started restoring SaaS services.

Secure Access Service Edge (SASE) provider Netskope on Friday announced closing a new $300 million investment round at a post-money valuation of $7.5 billion. To date, the company has raised more than $1 billion in funding.

The European Consumer Organisation announced Monday it had lodged a complaint with the European Commission against Facebook's attempt to modify the terms of service for the WhatsApp messenging service.

Websites of Iran’s transport and urbanization ministry Saturday went out of service after a “cyber disruption” in computer systems of its staff, the official IRNA news agency reported.The report did not elaborate but said the case is under investigation. This is the second abnormality in computer systems related to the ministry.

President Joe Biden told Russian President Vladimir Putin in a Friday phone call that he must “take action” against cybercriminals acting in his country and that the U.S. reserves the right to “defend its people and its critical infrastructure” from future attacks, the White House said.

Commercial insurer CNA has started notifying customers that threat actors did have access to some personal data during a ransomware attack in March.

The ZLoader malware family has switched to a new delivery mechanism in recent spam campaigns, fetching malicious code only after the initial attachment has been opened, McAfee reports.

A total of 14 cybersecurity-related acquisitions were announced between July 1 and July 8, 2021.

Just days after shipping an emergency Windows update to cover a dangerous code execution flaw (CVE-2021-1675) in the Print Spooler service, Microsoft is investigating a new set of claims that its so-called ‘PrintNightmare’ patch has not properly fixed the underlying vulnerability.

Microsoft this week revealed that it paid out more than $13.6 million in bug bounties between July 1, 2020, and June 30, 2021.As part of the company’s 17 bug bounty and grant programs, participating security researchers can earn awards as high as $250,000 -- the highest rewards are for critical vulnerabilities in Hyper-V.