Security News > 2021 > June

Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability, caused by an out-of-bounds memory access issue, can allow a local attacker to elevate privileges by sending specially crafted requests.

The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions. "The Woods Hole, Martha's Vineyard, and Nantucket Steamship Authority has been the target of a ransomware attack that is affecting operations as of Wednesday morning," the ferry service said on Wednesday.

FireEye has been sold for $1.2bn to the same American private equity fund that bought McAfee's enterprise security business, severing it from infosec stablemate Mandiant. The sale to Symphony Technology Group will see threat intel and incident response business Mandiant return to the market as a standalone operation in Q4 this year, FireEye said in a statement.

There's a gap between the promise of a security technology and operational reality. A similar phenomenon has been happening in the security industry for years - there is great promise in a new product or technology; however, the operational reality is much different.

Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, in an investigation of an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.

A previously unknown Windows backdoor enables remote access and the collection of considerable live data - but only during Chinese working hours. Researchers from Check Point Research report that opening the attachment starts a chain of in-memory loaders leading to the delivery of the previously unknown backdoor.

Enterprise mobile security company Hypori this week announced it raised $20 million in a Series A funding round led by GreatPoint Ventures. To date, the company raised $33.9 million.

US President Joe Biden said Wednesday he is "Looking" at possible retaliation after the White House linked Russia to a cyberattack against global meat processing giant JBS. Asked by a reporter if he would take action against President Vladimir Putin, whom he will meet for a summit in Geneva later this month, Biden said: "We're looking closely at that issue." The ransomware attack on a US subsidiary of Brazilian-owned JBS has again prompted accusations that Russia is at least harboring cybercriminals.

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape. Since the beginning of the COVID-19 pandemic, the number of targeted attacks on healthcare provider network servers, email systems and devices has rapidly increased as attackers look to take advantage of the overwhelmed healthcare sector struggling to cope with accelerating demand.

Cybersecurity professionals have seen a surge in cyberattacks in the past year, and many blamed the trend on more employees working from home due to the COVID-19 pandemic, according to a report published on Thursday by VMware. VMware's 2021 Global Security Insights Report is based on a survey of more than 3,500 CISOs, CTOs and CIOs conducted in December 2020.