Security News > 2021

Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security. "While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.

CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack. Patch 1.2 is expected to be a major release containing many bug fixes and performance improvements for known issues that players are experiencing.

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution flaw in its vCenter Server management platform. The researcher found the most critical of the flaws, which is being tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8, in a vCenter Server plugin for vROPs in the vSphere Client functionality, according to an advisory posted online Tuesday by VMware.

The System of Electronic Interaction of Executive Bodies hacked in this attack is used by most public authorities to share documents, as the country's national security and defense agency explained. The attack belongs to the so-called supply chain attacks.

One in four remote workers reuses work credentials on consumer sites, but IT isn't doing them any favors by reportedly failing to provide essential protection while away from the office. Remote work has proliferated since the beginning of the COVID-19 pandemic, but nearly a year in cybersecurity hasn't caught up, leaving businesses incredibly vulnerable.

For its "2021 Cyber Security Report," Check Point looked at some of the major cyber incidents that occurred in 2020, from ransomware attacks against healthcare facilities to data breaches of large companies to the SolarWinds-related exploit and attack. SEE: How to manage passwords: Best practices and security tips.

Leveraging security ratings as part of your cyber risk management program provides metrics that help you cut through the complexity to understand where the risk lies in your digital and vendor ecosystem. Target the areas of specific risk in your entire ecosystem.

Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security. Both are already working at the Linux Foundation, so what is new? "Gustavo's been working on the Linux kernel at the Linux Foundation for several years now," Lorenc tells us.

A recently identified threat actor that remained unnoticed for roughly two years appears focused on the targeting of airlines that are using the BSPLink financial settlement software made by the International Air Transport Association, cybersecurity firm Malwarebytes reported on Wednesday. Over time, the group evolved its toolset from PowerShell Empire to the Koadic and Octopus RATs, and used LuminosityLink, RMS, Quasar, njRat and Remcos RATs in between.

"Even though these new Nvidia drivers will halve the earning rate of the cybercriminals, the crooks aren't paying for the electricity, so any unlawfully mined crypto-coins are still essentially free money for them." "In the early days, it was possible to mine Bitcoin using the average computer CPU or a high-speed video processor card; however, today, mining for Bitcoin requires dedicated Bitcoin mining hardware to make it a profitable endeavor," according to the report.