Cloud marketplaces are rife with pre-built virtual machine (VM) images containing unpatched vulnerabilities, overly permissive firewall settings, and even malware and coin miners.

Attacks on critical infrastructure entities often target OT and ICS and range from modifying various industrial processes to disrupting and even shutting them down entirely.

With the new funding, the firm has raised $12.9 million since its founding in 2018. New investor Mercury led the round with Managing Director Aziz Gilani joining Blumira’s board as a director.

Hundreds of thousands of Indiana residents are being notified of a data breach involving responses collected via the Hoosier State’s COVID-19 online contact tracing survey.

CVE-2021-21832 can cause memory corruption in the application if the user opens an adversary-created ISO file that causes an integer overflow. This flaw exists in the way the application parses ISOs.

The Federal Financial Institutions Examination Council (FFIEC) has issued updated its security guidance advising banks to use stronger access controls and multifactor authentication.

The code itself is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. Additionally, it can terminate processes and services as needed.

Netcraft’s research into the FluBot malware confirms that its operations are expanding rapidly, with a spike in the number of malware distribution pages deployed and finance apps affected.

The most severe of these are CVE-2021-30598 and CVE-2021-30599, two type confusion issues in the V8 JavaScript engine that were identified and reported in July by Manfred Paul.

A stored cross-site scripting (XSS) vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into vulnerable websites, researchers said.