Security News > 2021 > September

Google is investigating reports of black screens showing up on users' Chromebooks when trying to log into their Chrome OS accounts. The company has acknowledged this issue on the Google Customer Care Portal almost one hour ago and is yet to provide updates or a workaround for customers impacted by this bug.

On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions. Of these, the most crucial to address is CVE-2021-40444, the remote code execution MSHTML vulnerability actively exploited by attackers via malicious MS Office documents.

Intriguingly, Apple also fixed another in-the-wild bug at the same time, dubbed CVE-2021-30858. Even browsers such as Edge and Firefox, which usually use the Chromium and Gecko web rendering software respectively, have to use via WebKit instead, so WebKit security bugs can have widespread consequences on iPhones and iPads.

Today is Microsoft's September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 60 flaws. Microsoft has fixed 60 vulnerabilities with today's update, with three classified as Critical, one as Moderate, and 56 as Important.

The September 2021 Patch Update is released and Microsoft is now rolling out new KB5005565 and KB5005566 cumulative updates for recent versions of Windows 10. Today's cumulative updates include security fixes for PCs with May 2021 Update, October 2020 Update, and May 2020 Update.

A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. To target victims, the malware is spread from a fake Google advertisement for various software, researchers found - an indirect alternative to social-engineering tactics like spear-phishing emails.

I'm speaking at the fourth annual Managing Cyber Risk from the C-Suite conference-a virtual event conducted through Webex-on October 5, 2021. I'll be speaking at an Informa event on November 29, 2021.

Microsoft has reminded customers today that Windows 10 2004 and Windows Server 2004 will reach the end of servicing on December 14, 2021. Microsoft advises customers still running Windows 10 2004 to install the May 2021 Update that will upgrade their devices to Windows 10, version 21H1, which will reach the end of service next year, on December 13, for all editions.

Openc8... is applicable to a range of iPhone models all the way up to the iPhone X - though the research paper focuses on its use in the iTimed toolkit to audit and attack the Apple A10 Fusion chip inside an iPhone 7. The trio's - Seetal Potluri was the third researcher - checkm8 reimplementation, which brings with it a range of claimed improvements, is dubbed openc8, and is applicable to a range of iPhone models all the way up to the iPhone X - though the research paper focuses on its use in the iTimed toolkit to audit and attack the Apple A10 Fusion chip inside an iPhone 7.

The questions have gotten more sophisticated and less suspicious. I've noticed a significant uptick in Facebook questions that ask users to answer seemingly innocent questions one wouldn't think could put anyone in danger.