Firefox Total Cookie Protection comes to mobile and desktop versions
2021-03-08 16:09

Firefox Total Cookie Protection comprehensively partitions cookies and other site data between websites. Mozilla has added Total Cookie Protection to both the desktop and mobile versions of its browser, though the feature isn't enabled by default.

European Banking Authority discloses Exchange server hack
2021-03-08 16:05

The European Banking Authority took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. Last week, Microsoft patched multiple zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server and exploited in ongoing attacks coordinated by multiple state-sponsored hacking groups.

A Basic Timeline of the Exchange Mass-Hack
2021-03-08 16:05

Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program. Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified "in early January." So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle "Orange Tsai." DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.

Retailers battle bots as new Yeezy shoes debut in March
2021-03-08 15:40

Recently, the new Adidas Yeezy Boost 700 "Sun" shoes from Kanye West made their debut, raising concerns that bots were likely on a shopping spree as they traditionally are during weeks when a hot new brand is launched. "Monitoring bots were indeed active both days while the checkout bots were active when the inventory was available to purchase. Using our advanced detection techniques, PerimeterX was able to block most of these sneaker bots at the beginning of the launch and prevent scalpers from buying the shoe in question," DeCarlis said.

Flagstar Bank hit by data breach exposing customer, employee data
2021-03-08 15:21

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server.

FINRA Warns of Ongoing Phishing Attacks Targeting Brokerage Firms
2021-03-08 15:01

The Financial Industry Regulatory Authority has issued an alert to warn brokerage firms of a phishing campaign that is currently ongoing. A not-for-profit organization, FINRA is U.S. government-authorized and overseen by the Securities and Exchange Commission.

CISA takes over .GOV top-level domain (TLD) administration
2021-03-08 14:56

GOV top-level domain as its new policy and management authority starting next month. GOV top-level domain and makes such domains available to US government organizations, from local municipalities to federal agencies.

University of the Highlands and Islands shuts down campuses as it deals with 'ongoing cyber incident'
2021-03-08 14:55

The University of the Highlands and Islands in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses. "We are currently working to isolate and minimise impact from this incident with assistance from external partners. We do not believe personal data has been affected," said the university, adding: "The source of the incident is not yet known."

How vaccine-related phishing attacks are posing a greater threat to organizations
2021-03-08 14:50

Vaccine deployment has encountered bumps in the road as many people are still uncertain over when, where and how to get their shots. Pointing to one example, Check Point said it recently discovered a malicious website impersonating the U.S. Centers for Disease Control and Prevention and promising vaccine information.

Idaho Man Charged With Hacking Into Computers in Georgia
2021-03-08 14:18

An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta area medical clinics. Robert Purbeck - who used online aliases Lifelock and Studmaster - was indicted Tuesday by a federal grand jury in Georgia, according to a news release from the U.S. attorney's office in Atlanta.