πŸ”’
There are new articles available, click to refresh the page.
Yesterday β€” 29 November 2021General Security News

Panasonic confirmed that its network was illegally accessed by attackers

29 November 2021 at 21:36

Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information.

Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company containing sensitive data.

The company discovered the intrusion on November 11 and immediately launched an investigation, which is still ongoing, to determine the scope of the attack.

β€œPanasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021. As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion.” reads the notice of unauthorized access to file server. β€œAfter detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network.”

The company retained a third-party cybersecurity firm to investigate the leak and determine which kind of information was stolen by the attackers.

Japanese news websites ([1], [2]) reported that threat actors gained access to information related to the company’s technology, business partners’ data, and employees’ information.

According to the Mainichi website, threat actors reportedly accessed the Panasonic servers multiple times between June and November.

In November 2020, Panasonic suffered a data breach after a cyber attack hit an Indian subsidiary. At the time threat actors gained access to financial information, credentials and email addresses

Follow me on Twitter: @securityaffairs and Facebook

PierluigiΒ Paganini

(SecurityAffairs – hacking, Panasonic)

The post Panasonic confirmed that its network was illegally accessed by attackers appeared first on Security Affairs.

Google experts found 2 flaws in video conferencing software Zoom

29 November 2021 at 22:53

Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks.

Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android.

The issues in the video conferencing software Zoom were discovered by Google Project Zero researcher Natalie Silvanovich. The first flaw, tracked as CVE-2021-34423, is a high-severity buffer overflow vulnerability that received a CVSS base score of 7.3.

β€œA buffer overflow vulnerability was discovered in the products listed in the β€œAffected Products” section of this bulletin. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.” reads the security advisory published by Zoom.

The second vulnerability addressed by the company is a memory corruption issue, tracked as CVE-2021-34424, that received a CVSS base score of 7.3.

β€œA vulnerability was discovered in the products listed in the β€œAffected Products” section of this bulletin which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product’s memory.” reads the advisory.

Below is the list of affected Zoom products:

  • Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4
  • Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1
  • Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4
  • Zoom Client for Meetings for Chrome OS before version 5.0.1
  • Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3
  • Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3
  • Zoom VDI before version 5.8.4
  • Zoom Meeting SDK for Android before version 5.7.6.1922
  • Zoom Meeting SDK for iOS before version 5.7.6.1082
  • Zoom Meeting SDK for macOS before version 5.7.6.1340
  • Zoom Meeting SDK for Windows before version 5.7.6.1081
  • Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2
  • Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115
  • Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115
  • Zoom On-Premise Recording Connector before version 5.1.0.65.20211116
  • Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117
  • Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117
  • Zoom Hybrid Zproxy before version 1.0.1058.20211116
  • Zoom Hybrid MMR before version 4.6.20211116.131_x86-64

Follow me on Twitter: @securityaffairs and Facebook

PierluigiΒ Paganini

(SecurityAffairs – hacking, video conferencing software Zoom)

The post Google experts found 2 flaws in video conferencing software Zoom appeared first on Security Affairs.

  • There are no more articles
❌