Security News > 2021 > May

Microsoft has fixed a known Windows 10 issue that would lead to FLAC encoded music files becoming corrupted when changing their title, artist, or other metadata in File Explorer. "The FLAC property handler assumed that all FLAC files started with the 4 byte start code fLaC and did not take into account the ID3 frame at the beginning of the file," Microsoft explains.

Google now allows you to password-protect your Google account's My Activity page so that others sharing your device can't snoop on your online activity. When you use Google products, such as Google Search, Gmail, Google News, the Play Store, Maps, and YouTube, the company will record what activities you performed on these services.

In the merry-go-round world of InfoSec technologies and "What's old is new again," this year we should include Attack Surface Management with a dash of Continuous. Ad hoc point-in-time enumerations of an organization's external attack surface are being superseded by continuous attack surface management.

The federal government will issue cybersecurity regulations in the coming days for U.S. pipeline operators following a ransomware attack that led to fuel shortages across much of the Eastern Seaboard. The Transportation Security Administration, which oversees the nation's network of pipelines, is expected to issue a security directive this week that will address some of the issues raised by the Colonial Pipeline shutdown, a U.S. official said Tuesday.

Criminals send ransom demands not only to the attacked organization but to any customers, users or other third parties that would be hurt by the leaked data.

Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. In April 2021, a threat actor created a new topic on a hacking forum where they claimed to be selling 13 TB of stolen data, including details for 18 crores orders and 1 million credit cards, from Domino's India.

We're much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by 43 different CVE bug numbers. For what it's worth, the update to macOS Big Sur 11.4 shared many of those bugs with iOS, as well as adding a raft of its own, with 58 significant bugs patched, covered by 73 different CVE bug numbers.

VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.

Microsoft announced today at the Build 2021 developer conference that support for running Linux GUI apps is now available via Windows Subsystem for Linux. The feature was first released one month ago and it allows Windows 10 users to run Linux applications with a GUI without using a virtual machine.

Tessian, an email security company that focuses on human error, today announced that it raised $65 million in Series C funding. The company has raised $123.7 million in total and its valuation is now $500 million.