Security News > 2021 > May
Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in "limited attacks targeting Adobe Reader users on Windows." Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and MacOS platforms.
UPDATE. A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers. United Valor is a North Carolina-based company which "provides disability evaluation services for the Veterans Administration and other federal and state agencies," according to its site.
Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department after negotiations went stale. The ransomware gang claims the data was leaked because the amount of money the DC Police was willing to pay did not match Babuk Locker's ransom demands.
Folks in England can from next week use the NHS App to confer their vaccination status, in the face of warnings that the technology could lead to identifiable medical information being exposed. The British government has announced that from 17 May, people will be able to demonstrate their COVID-19 vaccination status - a so-called vaccine passport or certificate - using the NHS App, which began its public rollout in January 2019, well before the pandemic.
Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.
Siemens' May 2021 Patch Tuesday advisories address roughly 60 vulnerabilities introduced by the use of third-party components. The German industrial giant has released more than a dozen advisories to inform customers about tens of vulnerabilities affecting RUGGEDCOM, SCALANCE, SIMATIC, SINEMA, SINAMICS and other products.
The statement, which published reports said was posted on the DarkSide ransomware gang's website, is a rare about-face for a known cybercriminal group, which the FBI deemed responsible for the cyberattack that halted pipeline activities for Colonial Pipeline Co. Cybercriminals are typically a proud and boastful bunch that rarely, if ever, show any type of regret or remorse for their attacks. As the DarkSide gang's chief aim is to extort money from their clients by collecting ransom, attackers now realize they may have been barking up the wrong tree in attacking a major oil pipeline that supplies the East Coast with roughly 45 percent of its liquid fuels.
VideoLan has released VLC Media Player 3.0.14 to fix an issue affecting Windows users and causing the software's auto-updater not to launch the new version's installer automatically. "VLC users on Windows might encounter issues when trying to auto update VLC from version 3.0.12 and 3.0.13," VideoLan explained.
Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so. One of its new features is enforcement of what Apple calls AppTrackingTransparency, which means that apps must request permission from the user before tracking them or accessing the Apple device identifier.