Security News > 2021 > January

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains.

Skype users are currently experiencing issues around the world, with users reporting that they are getting signed out of their Skype account automatically. When attempting to access Skype website, users are given "We're unable to complete your request" errors or other messages stating that the company is aware of the problem and are working on restoring access.

Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits. The Project Zero team, in collaboration with the Google Threat Analysis Group, discovered a watering hole attack using two exploit servers in early 2020, each of them using separate exploit chains to compromise potential targets.

Europol cops have taken down dark-web souk DarkMarket, after arresting an Australian citizen living in Germany who they claim was operating the world's biggest online bazaar of its kind. DarkMarket had nearly 500,000 users and more than 2,400 sellers, an official announcement from Europol on Tuesday said, calling it the "World's largest largest illegal marketplace on the dark web."

I reference these earlier works of failed prognostication in an effort to set the bar low for my own predictions of changes to medical device cybersecurity in the coming year, 2021. I further predict that there will be many medical device manufacturers who will be surprised that their medical devices need to be secure before they can be marketed.

Okera researchers revealed five pivotal data industry trends and predictions expected to emerge in 2021. "As we look to 2021, data privacy will be paramount to competitive differentiation as organizations accelerate in the tools and technologies that will transform their businesses and drive revenue," said Nong Li, Okera CTO. Data privacy and access controls: A brand differentiator that drives topline revenue.

There's a glaring disconnect between IT and employees that will hold organizations back from evolving with the market and embracing a long-term digital workplace that is successful, 1E reveals. The survey found IT overwhelmingly lacks knowledge of the remote employee experience, with respondents severely overestimating employee satisfaction and underestimating IT-induced downtime and disruption.

Organizations are spending more to account for widespread security operation center challenges including growing security management complexity, increasing analyst salaries, security engineering and management outsourcing costs, yet are still dissatisfied with the outcomes, Ponemon Institute and FireEye reveal. "The findings of the Ponemon Economics of the SOC report show that organizations are facing an onslaught of rising security operations costs, but despite these increased investments, are still unhappy with their ability to combat growing cyberthreats," said Chris Triolo, VP of Customer Success, FireEye.

A watchdog agency for the U.S. Census Bureau says that proper information-technology security safeguards weren't in place leading up to the start of the 2020 census last year, but the statistical agency disputes some of the findings and says no data was compromised. The Census Bureau was able to remedy some of the security deficiencies after they were pointed out by the Office of Inspector General, and others were corrected right before most U.S. residents began answering the 2020 census questionnaire in March, the report said.

Allot announced that a new mass-market cybersecurity solution, Allot DNS Secure, will join the Allot Secure family of cybersecurity solutions for communication service providers. The new solution is supported by an agreement with Open-Xchange to license its OX PowerDNS technology, which will be integrated into Allot DNS Secure.