Security News > 2021

Infrastructure modernization remains the most important use case for enterprise open source for the third consecutive year, according to Red Hat's newly released State of Enterprise Open Source Report. "The two are closely related because new applications are a big part of digital transformation. Taken together, they clearly demonstrate that organizations are using enterprise open source for strategic purposes, not just for infrastructure 'plumbing,'" the report said.

The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. "Modifications in the ObliqueRAT payloads also highlight the usage of obfuscation techniques that can be used to evade traditional signature-based detection mechanisms."

A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The fresh version of Ryuk also reads through infected devices' Address Resolution Protocol tables, which store the IP addresses and MAC addresses of any network devices that the machines communicate with.

Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.

Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. Last month, BleepingComputer was the first to report that a threat actor was selling a stolen Oxfam Australia database containing 1.7 million user records.

The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January. Jailbreaks remove restrictions and give users greater control over their iPhone or iPad. The developers of the jailbreak named Unc0ver recently announced the availability of version 6.0.0, which they claim works on all versions of iOS between 11.0 and 14.3 on many iPhones and iPads, including the iPhone 12 Pro launched a few months ago.

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.

Healthcare services provider Universal Health Services last week revealed that a cyberattack it fell victim to in September 2020 had an estimated financial impact of $67 million. Within one month after the incident, hospitals were able to resume normal operations, with technology applications restored at acute care and behavioral health hospitals, and re-established connections to all major systems, including electronic medical records, laboratory, and pharmacy systems.

Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform. Windows Server 2022 is now in preview and "Provides secured connectivity enabled by industry-standard AES 256 encryption," as Microsoft announced today.

Microsoft adds new security, privacy, and compliance features to the Microsoft Teams chat and collaboration solution, including end-to-end encryption support for one-on-one voice calls. Microsoft Teams is a cloud collaboration platform designed to allow an organization's team to stay organized and communicate via text, audio, and video, all in one place.