Security News > 2021

Cybersixgill announced that Darkfeed will be available through Swimlane's security automation platform. Now, Swimlane users can enhance their threat research and incident response by integrating actionable alerts from the industry's broadest and most comprehensive intelligence collection from the deep and dark web.

Box announced new and upcoming integrations with Microsoft 365 to make it easier for customers to securely work in the cloud. "Tens of thousands of enterprises globally are using Box and Microsoft together to securely power the way they work from anywhere," said Varun Parmar, Chief Product Officer at Box.

Mission Secure announced the appointment of John Adams as new Chief Executive Officer. Adams joins after recent announcements that Mission Secure closed a Series B financing round and launched a new integrated cybersecurity solution for the maritime sector in cooperation with Ince, an international legal and professional services firm.

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update on March 10 addressing the issues.

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the adversary "Accessed and downloaded a limited number of our source code repositories, as the threat actor is reported to have done with other victims of the SolarWinds Orion supply chain attack."

The printer fixing roller coaster continues as Microsoft is once again rolling out the KB5001649 out-of-band update to users via Windows Update. After installing the March 2021 Patch Tuesday updates, users began reporting that Windows 10 would crash when printing or print jobs would be missing graphics elements, have blank pages, or other issues.

With the release of the latest Windows 10 preview 'Dev' build, Microsoft is offering a glimpse at some of the new features and changes they are developing. For those unfamiliar, Microsoft added a virtual desktops feature in the Windows 10 April 2018 Update, and it allows you to maintain different desktops for open apps, instances of Microsoft Word, etc.

DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security servers to amplify Distributed Denial of Service attacks. According to reports that surfaced in December, a DDOS attack used DTLS to amplify traffic from vulnerable Citrix ADC devices that used DTLS configurations without a 'HelloClientVerify' anti-spoofing mechanism designed to block such abuse.

Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departmentsA sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries. As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leakMicrosoft Exchange servers around the world are still getting compromised via the ProxyLogon and three other vulnerabilities patched by Microsoft in early March.

Microsoft has paused the Windows 10 KB5001649 cumulative update rollout, likely due to installation issues and reported crashes. Microsoft is now offering the previously released KB5001567 emergency update instead. The March 2021 updates have been a complete mess when printing, with update after update causing new issues to arise.