Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says
2021-09-17 18:43

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors. A recently reported security vulnerability in Microsoft's MSHTML browser engine is being found all over the world, and Kaspersky said it "expects to see an increase in attacks using this vulnerability."

Mozilla tests Microsoft Bing as the default Firefox search engine
2021-09-17 17:40

Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. Like all browsers, Mozilla Firefox automatically configures a browser to a default search engine for performing searches via the address bar.

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
2021-09-17 17:16

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. Gov domain hosting the offending files and displaying a specific Laserfiche error message.

Billions more Android devices will reset risky app permissions
2021-09-17 17:00

Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. When this feature starts rolling out to older Android devices, it will be made available on all devices with Google Play services and running Android 6.0 up to and including Android 10.

Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam
2021-09-17 16:42

An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport." The email - sent to applicants and clients of Concept Resourcing, based in Dudley, England, on 14 September and seen by The Reg - claimed users could "Get your Digital Coronavirus Passports today" and showed recipients a big juicy link where they could do so.

Have you tried to guess your boss's password? Lots of workers have, according to a report
2021-09-17 16:13

An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folks' passwords. Last month, Beyond Identity published the results of a survey highlighting password protection habits, office password "guessing games" and more.

Dell study finds most organizations don't think they can recover from a ransomware attack
2021-09-17 15:31

Add in the fact that Dell found the average organization is managing 10 times more data than they did in 2016 and you have a perfect storm of data security that could threaten to overwhelm organizations and the IT teams that support them. In addition to the aforementioned statistics, Dell also said that 62% of GDPI respondents expressed concern that their existing data protection measures were insufficient to cope with existing malware and ransomware threats.

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners
2021-09-17 15:23

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. The four security flaws were found in the Open Management Infrastructure software agent silently installed by Microsoft on more than half of all Azure instances.

Small businesses need to step up efforts to secure and retain hybrid workers
2021-09-17 14:01

It's pretty clear that hybrid work is here to stay, for the foreseeable future, anyway, and yet, only 31% of small businesses are shipping laptops to at least some employees, according to a new report. The Tech at Work survey from GetApp, part of Gartner Digital Markets, also found that one in four workers used their personal laptop for work before the pandemic.

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
2021-09-17 13:20

Time has not been kind to IDS and has created wide security gaps. To combat the outdated nature of IDS, organizations should adopt next-generation IDS to fulfill the defense-in-depth promise unmet by legacy IDS. NG-IDS is effective against more types of attacks and fills glaring decryption and cloud compliance gaps while improving security.