Security News > 2021 > May

Microsoft has shared a workaround for customers experiencing 0x8004de40 errors when trying to signing into their OneDrive accounts. These login problems have plagued OneDrive users for a while now, with reports streaming on social platforms and Microsoft's own user community for years.

DarkSide the name given to both the gang and the ransomware it operated announced on May 13, 2021 that it would immediately cease operation of the DarkSide Ransomware-as-a-Service program. Three days later, researchers published an analysis of a newly found DarkSide variant containing a new function.

Owners of Eufy home security cameras were warned this week of an internal server bug that allowed strangers to view, pan and zoom in on their home-video feeds for approximately one day. The SNAFU, according to experts, is a stark reminder of the security-challenged consumer market for wireless cameras that have caused major headaches for a long list of vendors including Amazon, Google and ADT. China-based Anker quickly patched the vulnerability, which occurred during a planned server upgrade on Monday, that mistakenly connected Eufy users with video streams of other accounts from around the world, according a report on the issue by research firm Recorded Future, published on its The Record news feed.

"There is an evolution happening," said DeFiore, speaking during a data security panel at data management company Rubrik's FORWARD conference Tuesday. "You need to have a strategy and think about ransomware in multiple layers." Enterprises also need to think about the data that really matters to their business and if it needs protecting, how they are going to do it.

Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks. Although research director Rob Rachwald did not elaborate when The Register asked for more detail on its findings, a released report reckoned "Scans began within 15 minutes after Common Vulnerabilities and Exposures announcements were released between January and March."

Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. The adversaries' efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure.

Google this week announced adding new security features to its Google Workspace collaboration and productivity solution, to provide administrators with more capabilities and controls for protecting users and organizations. In the coming weeks, the new feature will become available for Google Workspace Business Plus, Enterprise Standard and Plus, and Education Standard and Plus licenses.

American industrial giant Emerson this week informed customers that it has released firmware updates for its Rosemount X-STREAM gas analyzers to address half a dozen vulnerabilities, including ones that have been rated high severity. Emerson's gas analyzers are designed to allow industrial organizations to continuously analyze process gas emissions.

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance.

More than a dozen U.S. lawmakers led by Rep. Emanuel Cleaver have reintroduced the Pipeline Security Act, whose goal is to aid the DHS's efforts to protect pipeline infrastructure against cyberattacks, terrorist attacks and other threats. The Pipeline Security Act was first introduced in 2019, but it did not receive a vote.