Security News > 2021 > October

Microsoft has officially released Windows 11 and ISO images that allow you to create bootable media to perform clean installs of the operating system and troubleshoot bugs and problems. Go to the Download Windows 11 page in your favorite web browser.

Facebook - along with Instagram and WhatsApp - went down globally today. At approximately 11:39 a.m. ET today, someone at Facebook caused an update to be made to the company's Border Gateway Protocol records.

Facebook, Instagram, and WhatsApp are starting to come back online after a BGP routing issue caused an over five-hour worldwide outage. As explained by Giorgio Bonfiglio, a Principal TAM at Amazon AWS, various Facebook routing prefixes had suddenly disappeared from the Internet's BGP routing tables, effectively making it impossible to connect to any services hosted on their IP addresses.

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory without generating sign-in events in the targeted organization's tenant," researchers from Secureworks Counter Threat Unit said in a report published on Wednesday.

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively exploited zero-days plugged this month alone. As is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the patches, but noted that it's aware that "exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild."

In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware. "Adversaries have set up a phony website that looks like Amnesty International's - a human rights-focused non-governmental organization - and points to a promised antivirus tool to protect against the NSO Group's Pegasus tool," Cisco Talos researchers said.

A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly sensitive data from air-gapped systems, according to the latest research. Dubbed the "LANtenna Attack," the novel technique enables malicious code on air-gapped computers to collect sensitive data and then encode it in the radio waves emanating from Ethernet cables, as if the cables were antennas.

Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers. Self-described as "the world's most connected company," Syniverse provides text messaging routing services to over 300 mobile operators, among them Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile.

As of Monday afternoon, Facebook had been flat on its face for hours, suffering a simultaneous worldwide outage not only on its main site, but also at its Instagram, WhatsApp, Messenger and Oculus VR subsidiaries. The New York Times reported that Facebook's internal communications platform, Workplace, was also dragged offline, "leaving most employees unable to do their jobs." It's been a thumb-twiddling afternoon, the Times reported, with two Facebook employees comparing it to a "snow day."

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That's according to WatchGuard Technologies' latest report on findings within its telemetry, which also found that these detections come primarily from two malware families: AMSI.Disable.