Security News > 2021 > June

Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit. G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft.

How can we be sure that threat hunters stay safe, and don't themselves become a threat to the systems they protect? Conducting threat intelligence and incident response from unsecure locations can expose threat hunters to discovery by the very hackers they are chasing and opens up technical, legal and governance challenges.

How are you dynamically provisioning access for temporary workers? How are you managing privileged access? The challenges in terms of risky account discovery and clean-up, risk-based access certifications, as well as risk-based authentication has become a critical area for our customers. The next critical customer goal is around detecting and preventing insider threats.

Leaked screenshots of an internal Microsoft build of Windows 11 have given us a glimpse of the upcoming changes coming to File Explorer and the Settings app. The screenshots of the new features were leaked this morning on Twitter, allowing us to see some of the latest Windows 11 features not present in the early preview build leaked earlier this month.

Mercedes-Benz USA said last week that sensitive personal information pertaining to its customers was inadvertently exposed by a vendor. This information includes self-reported credit scores, along with a small number of credit card details, dates of birth, driver license numbers, and social security numbers.

Google has released a new password checker for Android. Find out how to enable and use this security feature on your Android device.

Microsoft-owned software development solutions provider GitHub announced on Friday that it has paid out more than $1.5 million through its bug bounty program since 2016, when it started using the HackerOne bug bounty platform. According to the company, in 2020, it paid out over half a million dollars for more than 200 vulnerabilities affecting its products and services.

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security. The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting.

Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader - rather than swipe or insert it - to make a payment or extract money from a cash machine.

Microsoft says it has observed new activity associated with Nobelium, the Russia-linked threat actor that compromised IT management and monitoring solutions provider SolarWinds. The SolarWinds attack was brought to light in early December 2020 and it involved compromising SolarWinds' Orion monitoring product to deliver trojanized updates to the company's customers worldwide, in an effort to breach their networks.