Security News > 2021 > September
Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. "The problem is that HP OMEN Command Center includes a driver that, while ostensibly developed by HP, is actually a partial copy of another driver full of known vulnerabilities," SentinelOne researchers said in a report shared with The Hacker News.
IT teams have been forced into compromising security for business continuity at a time of rising threats, a HP report reveals. Pressure to compromise security for business continuity 76% of IT teams admit security took a backseat to business continuity during the pandemic, while 91% felt pressure to compromise security for business continuity.
Worldwide server market revenue declined 2.5% year over year to $23.6 billion during the second quarter of 2021, according to the International Data Corporation. "Broadly speaking, server market performance was muted in the second quarter as the market shifted slightly towards single socket server configurations," said Paul Maguranis, senior research analyst, Infrastructure Platforms and Technologies at IDC. "While servers purchased directly from ODMs declined year over year, some past backlog recovery within the hyperscale datacenter community contributed to a large jump in this segment when compared to the first quarter of this year."
Zero Trust deployment - moving all your apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise in order to gain access - has been rapidly introduced as a result of the pandemic. Most attempts at achieving Zero Trust access today are a patchwork of disparate products from different vendors connected to virtual private networks, with rudimentary on-off access controls based on limited visibility.
Enterprises have been forced to adapt to a new state of "Normal," shifting from traditional office-based operations to distributed environments that must still provide the same level of connectivity, security, and efficiency across the organization. A recent International Data Corporation survey found that addressing connectivity across geographies and transforming networks to become more virtual and agile were among the top networking issues that enterprises must address to ensure a more efficient business and operational environment.
Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates. On August 24, 2021, researchers with the organization reported that the iPhones of nine Bahraini activists had been hacked between June 2020 and February 2021 using NSO Group's Pegasus spyware and two zero-click iMessage exploits.
Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The updates arrive weeks after researchers from the University of Toronto's Citizen Lab revealed details of a zero-day exploit called "FORCEDENTRY" that was weaponized by Israeli surveillance vendor NSO Group and allegedly put to use by the government of Bahrain to install Pegasus spyware on the phones of nine activists in the country since February this year.
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. Google Chrome will also automatically check for new updates the next time you restart the browser.
Apple users should immediately update all their devices - iPhones, iPads, Macs and Apple Watches - to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS. The patches will fix at least one vulnerability that the tech behemoth said "May have been actively exploited."
Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.