Security News > 2021

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. Since December 2020, the US Department of Justice seized four other domains used by fraudsters for various nefarious purposes, including fraud, phishing attacks, and/or infecting targets' computers with malware.

Patches for four actively exploited Exchange Server vulnerabilities have already been delivered with the updates for supported versions released last week. Among the vulnerabilities patched by Microsoft on this March 2021 Patch Tuesday are several deserving extra attention.

Note, of course, that the crooks don't have to be able to run uploaded files right away in order to do serious damage. In the recent Hafnium attacks, you've probably seen numerous mentions of the attackers using things known as webshells as a trick to launch files that they just infiltrated.

It's raining patches in the Microsoft Windows ecosystem. Software giant on Tuesday dropped a mega-batch of security updates with patches for a whopping 89 documented vulnerabilities, including one used in zero-day attacks against some in the white-hat hacker community.

The US government might have subtly signalled that it likely won't hack Russia this month - by telling credulous journalists it has a "Clandestine" plan to, er, launch an attack against its rival before April. Set against the backdrop of the SolarWinds and FireEye hack, and the most recent Hafnium attacks against Microsoft Exchange servers, it isn't hard to imagine presidential PR advisors wanting to give the impression that cyber warfare is their boss's top priority.

Adobe on Tuesday announced that it has patched critical code execution vulnerabilities in its Connect, Creative Cloud, and Framemaker products. In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation.

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today. With today's update, Microsoft has fixed 82 vulnerabilities, with 10 classified as Critical and 72 as Important.

As part of the March Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. Like every Windows Update, you can open the Settings app and click on the Windows Update option to install the patches.

Attackers can abuse a wide range of Window legitimate tools, including but not limited to Microsoft Defender, Windows Update, and even the Windows Finger command. While being legitimately used by thousands of admins each day for managing their organizations' Azure fleets, their capabilities can also be used for malicious purposes, including circumventing network defense lines.

A hospital in southwest France has seen some of its IT systems paralysed by a "Ransomware" cyberattack, its management said Tuesday, the third such incident in the last month. Hospital workers have had to revert to working with pens and paper, since digital patient records are not available.