Security News > 2021 > March

Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday. A total of 400,000 Internet-connected Exchange servers were impacted by the ProxyLogon vulnerabilities when Microsoft issued the initial security patches, on March 2, with over 100,000 of them still unpatched one week later, on March 9.

Energy giant Royal Dutch Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance product, which already has affected numerous companies and been attributed to the FIN11 and the Clop ransomware gang. "Attackers"gained access to "Various files" containing personal and company data from both Shell and some of its stakeholders, acknowledged the company.

A report released Tuesday by threat intelligence firm Check Point Research explains how phony COVID-19 vaccine documents are selling on the Dark Web and how to avoid these fake documents. For individuals who don't have such a certificate or can't wait for a vaccine, the Dark Web is becoming home to fake documents, according to Check Point's analysis.

Google has warned Android users that a recently patched vulnerability has been exploited in attacks. The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021.

Cloudflare launched Cloudflare Browser Isolation, a new zero trust service to make everyday web browsing safer and faster for all businesses, regardless of where their employees are. As businesses rely on employees working directly in browsers, Cloudflare Browser Isolation keeps them safe by creating a gap between end-user devices and potential threats.

The US Supreme Court on Monday declined to consider an appeal by Facebook that would have derailed a $15 billion lawsuit over whether it illegally tracked users about a decade ago. The nation's top court issued an order denying a request by the leading social network to review a California federal court's decision to allow the litigation accusing Facebook of violating wiretap laws.

Cloud security firm Orca has achieved "Unicorn" status after raising $210 million in a Series C funding round that values the company at $1.2 billion. The latest funding, which brings the total raised by Orca to nearly $300 million, was led by CapitalG, the independent growth fund of Google's parent company Alphabet, and Redpoint Ventures.

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There's much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

CSAE framework: Smart data science technologies supporting criminal investigations. A frequently proposed solution is the introduction of 'smart' data science technologies to support criminal investigations.

Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers' names, addresses, and outstanding debts, The Register can reveal. Text messages sent by Telsolutions Ltd on behalf of a dozen local authorities contained shortlinks to webpages urging council tax defaulters to pay up - and in a dozen cases seen by The Register there was little or no authentication protecting personal data from prying eyes.