Here’s an overview of some of last week’s most interesting news, articles and interviews:
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech.
150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)
Over 150 HP multifunction printers (MFPs) are open to attack via two exposed physical access port vulnerabilities (CVE-2021-39237) and two different font parsing vulnerabilities (CVE-2021-39238) discovered by F-Secure security consultants Timo Hirvonen and Alexander Bolshev.
300.000+ users downloaded malware droppers from Google Play
Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a series of tricks to bypass the app store’s restrictions, evade automatic detection, and trick users into believing the apps they downloaded are legitimate and innocuous.
Putting the “sec” in DevSecOps: An overall…
