Google Researchers Discover A New Variant of Rowhammer Attack
2021-05-26 22:27

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed, and uses it to tamper with data stored in memory and attack a system.

Windows Terminal can now be the default Windows 10 console
2021-05-26 22:23

Windows 10 will soon let you configure Windows Terminal as the default terminal application to launch console and PowerShell programs. When you launch a command-line console program in Windows 10, the operating system will automatically launch it in a Windows Console or PowerShell console displayed by the Windows Console Host.

Chris Brazdziunas joins Securonix as Executive VP, Head of Product Engineering
2021-05-26 22:15

Securonix announced that product engineering heavy hitter Chris Brazdziunas will join its team as Executive Vice President, Head of Product Engineering. Augmenting the company's powerhouse engineering and service team, Brazdziunas and additional new senior executive appointments will help Securonix accelerate product innovation and further establish its leadership position in cloud-native security analytics.

Office 365 bug: Exchange Online, Outlook emails sent to junk folder
2021-05-26 21:45

Microsoft is investigating an Office 365 issue causing Outlook and Exchange Online emails to skip recipients' inboxes and be sent to their junk folders instead. "We're investigating an issue in which email is being sent to the junk folder," Microsoft shared on the company's Microsoft 365 Status Twitter account. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this ongoing incident.

Is it really the Wild West in cybercrime? Why we need to re-examine our approach to ransomware
2021-05-26 20:53

Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question of whether companies should pay when their systems are held hostage by ransomware. Rather than debating what's ultimately a moral and ethical question that's been around since the dawn of humanity, the proper debate we should be having is about the critical role of technology at non-technology companies.

PDF Feature ‘Certified’ Widely Vulnerable to Attack
2021-05-26 20:14

Certified portable document format files are used to securely sign agreements between two parties while keeping the contents' integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks. Researchers from Ruhr University Bochum explained certified PDFs use two specific signatures to authenticate the document, an Approval signature and a Certification signature.

VMware Sounds Ransomware Alarm Over Critical Severity Bug
2021-05-26 19:45

VMware's virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch "as soon as possible." VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10.

US Exchanges Offer a Rich Potential Target for Hackers
2021-05-26 19:29

Cyberattacks have long been seen as a threat to financial markets, but worries are becoming even more acute following a US pipeline hack that set off a public panic and forced the company to pay a ransom. Financial exchanges that manage daily transactions of tens or hundreds of billions of dollars are an appealing target for hackers.

Microsoft releases first Windows 10 package manager stable version
2021-05-26 19:10

Microsoft has released the first stable version of the native Winget Windows 10 package manager that helps you manage applications directly from the command line. Microsoft announced the first preview version of its Windows 10 package manager at Microsoft Build 2020 and has developed it as an open-source project on GitHub since then.

S3 Ep34: Apple bugs, scammers busted, and how crooks bypass 2FA [Podcast]
2021-05-26 18:56

Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. Oh! No! of the week.