Security News > 2021 > May

The problem is not the cloud, one expert said. It's the speed at which companies are moving items to the cloud without considering security controls.

Google Chrome now hinders attackers' efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later. This is possible after the adoption of Intel's Control-flow Enforcement Technology, supported on Windows 10 computers through an implementation known as Hardware-enforced Stack Protection which adds enhanced exploit protection to all compatible devices.

As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift. The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.

Unlike vendors such as Microsoft, Google Android and Mozilla, security updates emerge from Cupertino HQ whenever Apple thinks the time is right. For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.

Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe. Pulse Secure also patched three other security bugs, two of them also critical RCE vulnerabilities.

Mistake number two was the password for his email account was the same as his cybercrime forum admin account. Regardless of their reasons or lack thereof for choosing poor passwords, it is fascinating that in terms of maintaining one's operational security it actually benefits cybercriminals to use poor passwords in many situations.

Cloud communications company Twilio has now disclosed that it was impacted by the recent Codecov supply-chain attack in a small capacity. Today, cloud communications and VoIP platform Twilio has announced that it was impacted by the Codecov supply-chain attack.

On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.

Five high-severity security flaws in Dell's firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The multiple local privilege-escalation bugs exist in the firmware update driver version 2.3 module, which has been in use since 2009.

Newly discovered critical vulnerabilities in the Exim mail transfer agent software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. All versions released before Exim 4.94.2 are vulnerable to attacks attempting to exploit the 21Nails vulnerabilities.