Security News > 2021

Ransomware threats to watch for in 2021 include crimeware-as-a-service
2021-02-24 13:47

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware. As ransomware attacks gained greater traction and variety in 2020, so too will they bring about more developments in 2021.

Hackers Leak Data Stolen From Jet Maker Bombardier
2021-02-24 13:44

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach. In a Thursday statement, the jet maker revealed that an unauthorized party was able to access and steal data by exploiting a vulnerability in "a third-party file-transfer application." While the company did not say which third-party software was compromised, the general characteristics of the incident suggest it was Accellion's FTA service.

NASA and the FAA were also breached by the SolarWinds hackers
2021-02-24 13:32

NASA and the US Federal Aviation Administration have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report. NASA is an independent U.S. federal agency coordinating its civilian space program.

Vietnamese Hackers Target Human Rights Defenders: Amnesty
2021-02-24 12:46

Between February 2018 and November 2020, Vietnam-linked hacking group Ocean Lotus targeted Vietnamese human rights activists in the country and abroad with spyware, a new report from Amnesty International reveals. Also referred to as APT32, APT-C-00, SeaLotus, and Cobalt Kitty, Ocean Lotus is a highly sophisticated group that has been active since at least 2012, mainly focused on media, human rights, and civil society organizations, but also targeting Vietnamese political dissidents, foreign governments and companies.

Twitter Shuts Down Four Networks of State-Sponsored Disinformation Accounts
2021-02-24 12:25

Twitter this week announced that it has suspended multiple accounts that were found to be part of four networks involved in disinformation activities associated with Armenia, Iran, and Russia. The threat actors behind these accounts are believed to be state-sponsored, and Twitter permanently suspended all four networks for violating its manipulation policies.

Twelve-Year-Old Vulnerability Found in Windows Defender
2021-02-24 12:19

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time.

Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks
2021-02-24 12:02

VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges. vCenter Server is management software designed to provide a centralized platform for controlling VMware vSphere environments.

Heavily used Node.js package has a code injection vulnerability
2021-02-24 11:37

A heavily downloaded Node.js library has a high-severity command injection vulnerability, revealed this month. Put simply, "Systeminformation" is a lightweight Node.js library that developers can include in their project to retrieve system information related to CPU, hardware, battery, network, services, and system processes.

Companies are using AI to hit business goals, even though they can't explain how it works
2021-02-24 10:00

Research from Modzy found that security is also a serious concern with 72% of companies reporting that security breaches or threats to AI systems. Modzy surveyed 821 decision-makers about how companies are deploying and managing AI for the new report, "The Race Towards Artificial Intelligence Adoption."

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
2021-02-24 09:35

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.