03-07-202105-07-2021

Security daily (04-07-2021)

Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw

Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. (The Hacker News)

Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users (The Hacker News)

Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware

Threat actors behind the notorious REvil cybercrime operation appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving (The Hacker News)

03-07-202105-07-2021

/security-daily/ 05-07-2021 23:44:22