
Okta to Acquire Rival Auth0 in $6.5 Billion Deal
2021-03-03 22:09

Identity and access management giant Okta late Wednesday announced plans to buy rival Auth0 in an all-stock transaction valued at roughly $6.5 billion. Okta, based in San Francisco, Calif., expects the transaction to speed up its growth in an identity management market estimated to be in the range of $55 billion.

Unpatched Bug in WiFi Mouse App Opens PCs to Attack
2021-03-03 21:49

The mobile application called WiFi Mouse, which allows users to control mouse movements on a PC or Mac with a smartphone or tablet, has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux, who found the flaw. Impacted is the Android app's accompanying WiFi Mouse "server software," which must be installed on a Windows system and allows the mobile app to control a desktop's mouse movements.

Google Patches Actively Exploited Flaw in Chrome Browser
2021-03-03 21:17

Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw. "The Chrome team is delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux," according to Google on Tuesday.

Malaysia Air Downplays Frequent-Flyer Program Data Breach
2021-03-03 21:15

Malaysia Airlines sent out an email to frequent flyer program members assuring them that there's "no evidence" their personal data has been misused in the wake of a supply-chain attack via a third-party vendor. Malaysia Airlines' frequent flyer program, Enrich, was breached sometime around March 2010 - and remained exposed until June 2019, leaving thousands of members' personal data, including name, date of birth, gender, contact information, ID number, status and tier level unprotected, an email sent out to members from the company said.

Hackers share methods to bypass 3D Secure for payment cards
2021-03-03 20:01

Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure protocol used for authorizing online card transactions. 3DS adds a layer of security for online purchases using credit or debit cards.

BEC scammers are targeting investors for massive payouts
2021-03-03 19:53

Business email compromise scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average. According to a new report by email cybersecurity company Agari, BEC scammers have started to target investors with fake 'capital call' notices that carry a much larger payout than your standard BEC scam.

GRUB2 boot loader reveals multiple high severity vulnerabilities
2021-03-03 19:37

GRUB, a popular boot loader used by Unix-based operating systems, has fixed multiple high severity vulnerabilities. In 2020, BleepingComputer had reported on the BootHole vulnerability in GRUB2 that could have let attackers compromise an operating system's booting process even if the Secure Boot verification mechanism was active.

Home-Office Photos: A Ripe Cyberattack Vector
2021-03-03 19:29

Jason Nurse, an associate professor in cybersecurity at the University of Kent, and a visiting academic at the University of Oxford, cautioned that personal photos and information shared via various online platforms used by remote workers can expose not only the employee, but also corporate networks, to threats from savvy attackers who are looking to exploit personal data. With more workers online than ever due to the COVID-19 pandemic, people have gotten so comfortable with sharing photos and other personal information online that they may not be aware of how it can be misused, Nurse said.

New CISO Hires at Uber, Square, SailPoint
2021-03-03 19:21

Ride-sharing giant Uber has quietly snapped up veteran security leader Latha Maripuri to be its Chief Information Security Officer. Uber has been without a formal security chief since the departure of John 'Four' Flynn in July 2020.

RTM Cybergang Adds New Quoter Ransomware to Crime Spree
2021-03-03 19:18

The Russian-speaking group behind the infamous RTM banking trojan is now packing a trifecta of threats as it turns up the heat - part of a massive new money-grab campaign. Beyond the banking malware it is known for, attackers have enlisted a recently-discovered ransomware family called Quoter as part of a new double-extortion cyberattack strategy.