Security News > 2021 > September

Drivers working for Amazon Delivery Service Partners are increasingly under constant surveillance for safe driving, monitored by artificial intelligence which awards them a score and generates voice reminders for safe driving. Drivers who spoke to Vice's Motherboard complained the tech is too sensitive, often wrong and making their jobs miserable - and not to mention, taking money out of their paycheck.

Apache OpenOffice is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release. CVE-2021-33035: RCE in Apache OpenOffice up to 4.1.10 - pure memory corruption.

Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. Internet Information Services is Microsoft Windows web server software included with all Windows versions since Windows 2000, XP, and Server 2003.

International law enforcement has busted up an extensive cybercrime operation run by a gang with ties to the Italian Mafia. The suspects used various lures to convince victims to wire money to bank accounts controlled by the criminal network, according to Europol.

For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Current users of Windows 10 who plan to update their operating systems to Windows 11 when it is released in October 2021 will first have to meet several non-negotiable and stringent prerequisites.

App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data. "But like so much of cybersecurity, it's a could-a, should-a situation:"CloudSEK has observed that a wide range of companies - both large and small - that cater to millions of users have mobile apps with API keys that are hardcoded in the app packages," according to CloudSEK researchers Arshit Jain and Sai Ahladini Tripathy.

We've been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. The scammer then pretends to be the courier company handling the "Delivery", correctly identifying the item, its value and its made-up shipping code.

U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor. NEW Cooperative is a farmer's feed and grain cooperative with over sixty locations throughout Iowa.

Microsoft is investigating several issues impacting Outlook customers and leading to problems related to security keys, search results, and more. "Adding a Gmail account to Outlook while using a security key for 2-step verification causes this error: This browser does not support security keys," Microsoft revealed on its list of recent issues in Outlook for PC. Redmond is also looking for a fix to address reports of search results for Outlook Suggested Searches being inaccurate, incomplete, or missing.

What's the first step to recovering from a ransomware attack? Making sure you have a recovery plan in place well before you get attacked. It's not just a question of minimizing the chances of an attacker breaking through your defenses.