Security News > 2021 > June

Jack Wallen installed 1Password on Linux and found it to be a fantastic solution for password management. Follow his tutorial on how to get this proprietary solution installed on your open source OS.

The number of attacks from, and payouts to, ransomware extortionists continue to rise despite only 20% saying giving into demands is the best course, Menlo Security finds. There's a growing reluctance to play ransomware demands, Menlo Security found in an online poll, but that reluctance may not reflect what victims are actually doing when hit by an attack.

Facebook this week announced filing two lawsuits - one against an organization and its agents and one against four individuals in Vietnam - over advertising-related schemes. According to Facebook, four individuals residing in Vietnam employed session/cookie theft techniques to compromise the accounts of employees at advertising and marketing agencies, leveraging them to run unauthorized ads.

Western Digital on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage devices involved the exploitation of a zero-day vulnerability. The attacks came to light last week, with many owners of My Book Live and My Book Live Duo devices reporting on the WD Community forum that a factory reset had been initiated on their devices, which resulted in all files being erased.

CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that it can be exploited to achieve remote code execution and - what's worse - PoC exploits have since been leaked. The Windows Print Spooler is an application / interface / service that interacts with local or networked printers and manages the printing process.

A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people's privacy and avoid inaccurate identification. Though the federal government widely uses facial recognition for various uses from criminal investigations to collecting traveler data, this use is largely unmonitored and unmanaged - a scenario that must change to protect people's privacy and avoid inaccurate identification of perpetrators, a government watchdog report has found.

API security platform Noname Security today announced that it has raised $60 million in Series B funding. Founded in 2020, the Silicon Valley-based enterprise API security startup aims to help organizations secure both managed and unmanaged APIs.

Microsoft has released an optional out-of-band update for all supported Windows 10 versions to address an issue preventing customers from opening PDF documents using some applications. The KB5004760 emergency update is available for devices running client editions of Windows 10 versions 2004, 20H2, and 21H1, as well as Windows Server versions 2004 and 20H2. "An out-of-band optional update is now available on the Microsoft Update Catalog to address an issue in which Internet Explorer 11 and apps using the WebBrowser control might fail to open PDFs," the company says.

Managing the security of your third parties is crucial, but security assessments are riddled with problems, including a lack of context, scalability and relevance. In this comprehensive guide, we provide the direction you need to make your organization's third-party security program efficient and scalable.

Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests, the International Institute for Strategic Studies said Tuesday. While the US remains the dominant cyberspace power, China is rapidly gaining ground and could soon be a major rival in both the civil and military spheres, the Britain-based research group said after a two-year study.