Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds
2021-03-08 01:00

Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. "It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register.

Strata Maverics Identity Orchestrator extends Azure AD control to on-premise applications
2021-03-08 00:30

Strata announced at Microsoft Ignite that its Maverics Identity Orchestrator platform for Microsoft Azure Active Directory enables organizations to migrate applications to the cloud without rewriting them so identity can be centrally managed by Azure AD. In addition, Strata allows companies to modernize on-premises apps by extending Azure AD authentication and access control capabilities to them with no code changes. Strata makes it possible to transition applications to Azure AD with no user experience changes and no burden on application teams, so organizations can manage and enforce consistent access across hybrid cloud environments.

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules
2021-03-07 23:43

If you suddenly realise you want to use a Python module called asteroid, for example, you can just do pip install asteroid, after which your own Python programs can say import asteroid, and start making use of the package. A third sort of supply chain attack - one that is rather less sophisticated and has no guarantee of success, yet is extremely easy to pull off - is to create a fake package with a misleading name that users in a hurry might download and install by mistake.

John Morgan joins Confluera as CEO
2021-03-07 23:30

Confluera announced that its Board of Directors has appointed John Morgan as the new CEO. A leader with a strong business vision, Morgan succeeds co-founder Abhijit Ghosh who will take on a new role as chief technology officer. Morgan brings more than 20 years of leadership experience spanning early-stage startups to public companies including Microsoft, MobileIron, Nokia, and SonicWall.

Google Will Use 'FLoC' for Ad Targeting Once 3rd-Party Cookies Are Dead
2021-03-07 23:30

Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. Over the years, third-party cookies have become the mainstay driving digital ad business, but mounting concerns about data privacy infringement have led major browser vendors such as Apple, Mozilla, Brave, and Microsoft to introduce countermeasures to pull the plug on invasive tracking technology, in turn forcing Google to respond with similar privacy-first solutions or risk losing customer trust.

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit
2021-03-07 23:30

Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared screenshots of files belonging to the company's customers on a publicly accessible data leak website operated by the CLOP ransomware gang.

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
2021-03-07 23:30

Cybercriminals are now deploying remote access Trojans under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. While the ObliqueRAT modus operandi previously overlapped with another Transparent Tribe campaign in December 2019 to disseminate CrimsonRAT, the new wave of attacks differs in two crucial ways.

GSMA’s ISAG Group adds iconectiv’s CTO to help oversee global telecom industry
2021-03-07 23:15

To help these technologies work better together while maintaining security, the Global System Mobile Association provides global industry specifications, guided by industry leaders, to help the ecosystem navigate these challenges. Last November, the GSMA launched its new process for the governance and approval of Industry Specifications.

Microsoft's MSERT tool now finds web shells from Exchange Server attacks
2021-03-07 21:28

Microsoft has pushed out a new update for their Microsoft Safety Scanner tool to detect web shells deployed in the recent Exchange Server attacks. On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web servers.

How to use Google's 'Chrome Labs' to test new browser features
2021-03-07 18:43

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. When Google creates a new browser feature, it is first tested in Google Chrome Canary and Google Chrome Beta.