Security News > 2021 > May

Here's the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data. Looking at the Google accounts that left positive reviews on both the now-defunct Microsoft Authenticator and iArtbook extensions, KrebsOnSecurity noticed that each left positive reviews on a handful of other extensions that have since been removed.

Microsoft released Microsoft Edge 91 yesterday, and since then, users have been reporting constant nag screens, bugs, and problems using the new version of the web browser. Microsoft Edge 91 is a milestone release for the browser with numerous new features introduced, such as Price History, Cash Back & Rebates, Kids Mode, a new Pride theme, and personalized news.

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

Windows 10 preview builds can now run Linux apps directly on the Windows 10 desktop using the new Windows Subsystem for Linux GUI. In this article, we go hands on with the new WSLg feature to demonstrate the types of graphical Linux apps you can now run. WSLg can launch Linux GUI apps by utilizing the Wayland server to display the apps in Windows 10.

Mozilla advises Firefox users to update to the latest released version to avoid experiencing video streaming issues after Google updates the Widevine digital rights management on May 31. Once Google updates the Widevine private encryption keys and content decryption module on May 31, video streaming services using Google's DRM-protection technology will no longer work with older Firefox versions.

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years.

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat clusters UNC2630 and UNC2717, said the intrusions lines up with key Chinese government priorities, adding "Many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan.".

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the attacker-controlled server.

Databricks announced the launch of a new open source project called Delta Sharing, an open protocol for securely sharing data across organizations in real time, completely independent of the platform on which the data resides. "The top challenge for data providers today is making their data easily and broadly consumable. Managing dozens of different data delivery solutions to reach all user platforms is untenable. An open, interoperable standard for real-time data sharing will dramatically improve the experience for both data providers and data users," said Matei Zaharia, Chief Technologist and Co-Founder of Databricks.

Protegrity announced the availability of three Protegrity products in AWS Marketplace: Protegrity Discover, Cloud Protect for Amazon Redshift, and Cloud Protect for Snowflake. With AWS Marketplace availability, Protegrity is making it easier than ever for customers to discover and protect their sensitive data in the cloud.