Security News > 2021

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft. Describing the attacks as "Limited and targeted," Microsoft Threat Intelligence Center said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments.

Movandi announced William Ruehle has joined as its chief financial officer. Ruehle brings more than 40 years of experience driving strategy and business performance at both public and private companies as well as scaling high-growth revenue and leading successful companies to IPO, most notably Broadcom from 1997-2006.

Virsec announced that John Chambers, former Executive Chairman and CEO of Cisco Systems and current founder and CEO of JC2 Ventures, has joined Virsec as an investor and strategic advisor. "We are at an inflection point for the next shift in cybersecurity and Virsec is at the forefront of that by protecting application workloads at runtime."

C3 AI announced that software industry veteran Jim H. Snabe has joined the C3 AI Board of Directors. Mr. Snabe currently serves as Chairman of the Supervisory Board of the German industrial giant Siemens AG, and as Chairman of the Board of A.P. Møller - Mærsk A/S, the world's largest shipping and transportation company, based in Denmark.

Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers. In all, Microsoft said the attacker chained four zero-days into a malware cocktail targeting its Exchange Server product.

A popular jailbreaking tool called "Unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks. These four zero-day vulnerabilities are chained together to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network.

Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. "Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild," the Google Chrome 89.0.4389.72 announcement reads.

The cyberattack that hit Universal Health Services in September has cost the healthcare service provider a whopping $67 million in damages, according to financial statements. With UHS subsidiaries encompassing 26 acute care hospitals, 328 behavioral health inpatient facilities, and 42 outpatient facilities and ambulatory care centers in 38 states across the U.S., the impact of the cyberattack was far reaching.

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The patches released today fix security problems in Microsoft Exchange Server 2013, 2016 and 2019.