Security News > 2021

Windows DNS SIGRed bug gets first public RCE PoC exploit
2021-03-04 14:44

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability. SIGRed has existed in Microsoft's code for over 17 years, impacts all Windows Server versions 2003 through 2019, and has received a maximum severity rating of 10 out of 10.

Cybercriminals Target Industrial Organizations in Information Theft Campaign
2021-03-04 14:23

A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign. The malware is delivered using spear phishing emails that purport to come from legitimate companies, including from within the victim organization itself and other companies that the victim might do business with.

How banks and banking customers can protect themselves against financial crimes
2021-03-04 14:17

Account takeovers and online banking fraud are two types of attacks on the rise against financial institutions and their customers, says Feedzai. Amid the coronavirus pandemic, 2020 saw a quick and abrupt transition to digital banking and commerce, a boon for banks and customers alike.

German Officials Want Emails, IMs Tied to Real-World ID
2021-03-04 14:00

German security officials are proposing that Internet companies should link a user's real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists. As in many other countries, mobile phone firms in Germany are required to verify a customer's identity before selling them a SIM card.

Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability
2021-03-04 13:46

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service attacks due to a vulnerability in the Snort detection engine. Cisco says the vulnerability is in the Ethernet Frame Decoder component of Snort.

Like a challenge in a high profile 'face-of-IT' role? Welcome to the Home Office
2021-03-04 13:20

For the brave - or perhaps foolhardy - senior IT job hunters there is an opening at the UK Home Office for a Deputy Director of IT Operations in a lovely '70s era highrise in Croydon. In September, as chief digital, data and technology officer at the Home Office, Joanna Davinson told Parliamentary spending watchdog the Public Accounts Committee that delays to the troubled Emergency Services Network would create additional annual costs "in the ballpark" of £550m "across the whole of the legacy estate".

DHS orders agencies to urgently patch or disconnect Exchange servers
2021-03-04 13:04

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. CISA "strongly" recommended that federal agencies examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers.

Multiple Cyberspy Groups Target Microsoft Exchange Servers via Zero-Day Flaws
2021-03-04 12:50

Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers. Managed detection and response solutions provider Huntress says it has already observed more than 200 compromised Exchange Servers that received payloads within the "C:\inetpub\wwwroot\aspnet_client\system_web" directory, and claims to have identified more than 350 web shells to date.

Ransomware is a multi-billion industry and it keeps growing
2021-03-04 12:34

An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication. Pulling data from more than 500 attacks analyzed in incident response jobs, Group-IB was able to provide an overview of the evolution of the ransomware business in 2020 and the tactics, techniques, and procedures used in the events leading to encrypting victim systems.

Chinese Hackers Stole an NSA Windows Exploit in 2014
2021-03-04 12:25

Check Point has evidence that Chinese hackers stole and cloned an NSA Windows hacking tool years before Russian hackers stole and then published the same tool. In 2013, NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.