Multiple vulnerabilities in Hitachi Vantara’s Pentaho Business Analytics software could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the host system.

Google announced that it will pay researchers to find exploits using vulnerabilities, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel.

The FBI warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims.

Symantec researchers explained in a new blog post today that the custom tool is the third discovery of its kind, following the development of the Ryuk Stealer tool and the LockBit-linked StealBit.

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.

While rare, ransomware developers can make mistakes in implementing encryption, causing unintended flaws. Mistakes can occur when developers use patchwork code and lack appropriate expertise.

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives.

MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

So far this year, almost 1,000 schools across the US have suffered from a ransomware attack, and in some cases had classes disrupted because of it, according to tallies by Emsisoft.