Security News > 2021 > January

Signal's encrypted messaging service has recovered from delays affecting its new user verification process after a mass exodus of WhatsApp users to their platform. When setting up Signal for the first time, users must verify their mobile number using verification codes sent by the encrypted messaging provider.

Microsoft has addressed a known issue causing Windows 10 20H2 devices to force restart due to the Local Security Authority Subsystem Service system process crashing. The known issue fixed on Thursday affects both client and server Windows devices where local built-in accounts such as Guest or Administrator have been renamed.

By running a survey on whether infosec bods think the Common Vulnerability Scoring System is a useful tool for assessing security flaws, Dr Zinaida Benenson of Friedrich-Alexander Universität Erlangen-Nürnberg's IT Security Infrastructure Lab in Germany hopes to further the infosec world's understanding of how reliable the system really is. While the survey hopes to gain up to 300 respondents, Benenson was coy about precisely what she's hoping to prove or disprove, but she did drop The Register a hint about the current state of CVSS scoring.

Intel introduced Intel RealSense ID, an on-device solution that combines an active depth sensor with a specialized neural network designed to deliver secure, accurate and user-aware facial authentication. "Intel RealSense ID combines purpose-built hardware and software with a dedicated neural network designed to deliver a secure facial authentication platform that users can trust," said Sagi Ben Moshe, Intel corporate vice president and general manager of Emerging Growth and Incubation.

Many predictions said we were due for another major cyberattack leading into 2021, but no one foresaw this type of attack and the impact it had, leading to a new focus on security and software development. The compromise of SolarWinds brings into question the security practices of all software developers, including topics such as patching of development machines, outsourcing of code development, control and understanding of code functionality through mergers and employee turnover, code reviews and other techniques to identify security issues and many others.

NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU management software. NVIDIA has addressed the security issues in all affected software products and platforms with the exception of those tracked as CVE‑2021‑1052, CVE‑2021‑1053, and CVE‑2021‑1056 impacting the Linux GPU Display Driver for Tesla GPUs which will receive an update driver version starting with January 18, 2021.

The mandatory changes allow WhatsApp to share more user data with other Facebook companies, including account registration information, phone numbers, transaction data, service-related information, interactions on the platform, mobile device information, IP address, and other data collected based on users' consent. In its updated policy, the company expands on the "Information You Provide" section with specifics about payment account and transaction information collected during purchases made via the app and has replaced the "Affiliated Companies" section with a new "How We Work With Other Facebook Companies" that goes into detail about how it uses and shares the information gathered from WhatsApp with other Facebook products or third-parties.

A rising onslaught of phishing messages delivered via SMS has been hitting mobile users around the world in the last few months. The messages take the form of alerts about recipients being eligible to apply for the COVID-19 vaccine, fake notifications about missed deliveries and/or requirements to pay for specific deliveries, messages offering financial help from the government, prizes won.

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability is separate from a bug reported in Google's browser engine Chromium, which is used in the Google Chrome browser and Microsoft's latest version of its Edge browser.

With so much to gain by dipping their toes into multiple cloud pools, it should come as no surprise that Flexera recently reported that more than 90% of enterprises are embracing multicloud architectures. Now, it's onto getting a full picture of your data landscape and strategy: can your technology storage stack, transactional databases, data warehouses, and data analytics platforms be accessed across multiple cloud environments? You might even need to redesign or replace your data integration architecture, data lake and big data architectures with hyper-scalable or multicloud services like BigQuery Omni.