Security News > 2021 > June

A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines on Google Cloud Platform. Rad decided to disclose the vulnerability due to Google's failure to fix the issue and provide information on its progress.

Criminals infected the Salvation Army in the UK with ransomware and siphoned the organisation's data, The Register has learned. The Salvation Army refused to give any further information, such as the identity of the criminal attackers, or the volume and type of data accessed by the them.

Although it's usually just thought of as storage for BitLocker keys, the Trusted Platform Module services a wide range of Windows security features: storing other keys and the PINs for Windows Hello biometrics and Credential Guard; blocking brute-force dictionary attacks so that even shorter PINs and passwords are more secure; powering virtual smart cards; acting as the hardware root of trust for secure boot and measured boot; attesting to PC health after boot with Windows Defender System Guard; and enabling 'white glove' and self-service Autopilot deployments. To run Windows 11, CPUs need to have the hardware virtualisation features to enable virtual secure mode for Virtualisation-Based Security and the Hypervisor-Protected Code Integrity that underlies a range of protections that Microsoft has been building since Windows 8, like Application Guard, Control Flow Guard, Credential Guard, Device Guard and System Guard.

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. Nobelium is the name assigned by Microsoft to the nation-state adversary responsible for the unprecedented SolarWinds supply chain attacks that came to light last year.

A security vulnerability in Cisco Adaptive Security Appliance that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.

A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN's owners failed to provide the services they promised."

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on publicly available source code and natural language with the goal of translating comments and code written by a user into auto-generated code snippets. "GitHub Copilot draws context from the code you're working on, suggesting whole lines or entire functions," GitHub CEO Nat Friedman said in a blog post.

The United Nations International Telecommunication Union published its 2020 Global Cyber Security Index on Tuesday, and listed the US first in overall ranking, followed by a tie for second place tie between the UK and Saudi Arabia. The index ranks nations using 82 questions developed by a panel of experts.

The United Nations International Telecommunication Union published its 2020 Global Cyber Security Index on Tuesday, and listed the US first in overall ranking, followed by a tie for second place tie between the UK and Saudi Arabia. The index ranks nations using 82 questions developed by a panel of experts.

There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, constantly devising more sophisticated methods to attack organizations.