
Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulns in Windows Defender
2021-01-12 21:11

One of these bugs is publicly known, according to Microsoft, while another, a remote-code execution hole in the Windows Defender security system, is actively being exploited. CVE-2021-1647 is a Microsoft Defender remote code execution vulnerability.

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
2021-01-12 21:01

For the first Patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The most severe of the issues is a remote code execution flaw in Microsoft Defender that could allow attackers to infect targeted systems with arbitrary code.

SolarWinds: What Hit Us Could Hit Others
2021-01-12 20:50

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. According to SolarWinds and a technical analysis from CrowdStrike, the intruders were trying to work out whether their "Sunspot" malware - designed specifically for use in undermining SolarWinds' software development process - could successfully insert their malicious "Sunburst" backdoor into Orion products without tripping any alarms or alerting Orion developers.

SAP Patches Serious Code Injection, DoS Vulnerabilities
2021-01-12 19:49

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. The most important of these address multiple vulnerabilities in SAP Business Warehouse and carry a CVSS score of 9.9.

SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there – report
2021-01-12 19:35

The malware that was utilised to hack SolarWinds checked to see whether software used to compile the firm's Orion product was running before deploying its payload, according to CrowdStrike. In a blog post late last night, the infosec firm said the Orion-targeting malware, which it codenamed Sunspot, had "several safeguards" to ensure its deployment of compromised code into new Orion builds didn't trigger SolarWinds' suspicions.

Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited
2021-01-12 18:59

Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "Critical" bug in the Defender security product that's being actively exploited. Security experts are urging security response personnel to pay special attention to CVE-2021-1647, which describes a remote code execution flaw in Microsoft Defender, the company's flagship anti-malware product.

SolarLeaks site claims to sell data stolen in SolarWinds attacks
2021-01-12 18:57

A website named 'SolarLeaks' is selling data it claims was stolen from companies confirmed to have been breached in the SolarWinds attack. The website claims to be selling stolen data from Microsoft, Cisco, FireEye, and SolarWinds.

New Resources Define Cloud Security and Privacy Responsibilities
2021-01-12 18:57

Data protection and compliance solutions provider HITRUST has announced the release of new Shared Responsibility Matrices for Amazon Web Services and Microsoft Azure. Best known for the HITRUST CSF, the Texas-based company has worked with healthcare, technology and information security organizations to help organizations safeguard sensitive information and manage information risk.

Data Breach at ‘Resident Evil’ Gaming Company Widens
2021-01-12 18:45

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers. A ransomware attack launched against gaming company Capcom last November keeps getting worse.

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
2021-01-12 18:35

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users connect to, it would allow an attacker that was able to man-in-the-middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.