Security News > 2021

Apple on Monday released security patches for macOS, iOS, iPadOS, watchOS, and Safari to fix up a vulnerability that can be exploited by malicious web pages to run malware on victims' computers and gadgets. Apple thanks Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research for reporting the arbitrary code execution security flaw, CVE-2021-1844, which is present in WebKit, the browser engine used by various bits of Cupertino code.

Paysafe announces a new multi-year, global deal which will see Microsoft support Paysafe's strategic move to cloud-based transaction services. As part of the collaboration, Paysafe is leveraging Microsoft Azure's open and flexible cloud computing platform and tools for its US payment processing and merchant services.

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content.

The European Banking Authority on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal data through emails held on that servers may have been obtained by the attacker," the Paris-based regulatory agency said.

The new alliance enables clients to address the technology skills shortage by expanding the skills of new and existing talent, enabling organizations to better compete in the future of work. Together, AMS and Revature address the critical need of upskilling existing talent within organizations to close crucial skills gaps and retain talent through opportunities for internal mobility.

Leveraging the ThreatAlert in-boundary security stack, Bitglass received a FedRAMP Moderate ATO for their Total Cloud Security Platform. "We are excited to see cybersecurity solutions like the Bitglass Cloud Access Security Broker achieve a FedRAMP ATO accreditation on AWS GovCloud," said Gaurav "GP" Pal, CEO, stackArmor, Inc. "The stackArmor ThreatAlert ATO Accelerator for AWS East/West and AWS GovCloud continues to gain rapid market acceptance as it dramatically reduces the time and cost of compliance that is critical for regulated markets."

Now web security professionals are asking developers to do their part by recognizing that Spectre broke the old threat model and by writing code that reflects the new one. Last month, Mike West, a Google security engineer, drafted a note titled, "Post-Spectre Web Development," and Mozilla's Daniel Veditz of the W3C's Web Application Security Working Group asked the group to come to a consensus on supporting the recommendations.

Cisco announced the appointment of Marianna Tessel to its board of directors. "We are excited to welcome Marianna to the Cisco Board," said Chuck Robbins, chairman and CEO, Cisco.

This approach is all about data and resilience, not deliberately sabotaging your own network, according to two cybersecurity experts.

Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. In their research paper [PDF]: "Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical," researchers said the attack is unique because it works in spite of some previous side-channel defenses.