Security News > 2021

The security bugs impact the company's SHAREit Android app, an application that downloaded more than 1 billion times, according to Google Play Store statistics. As Trend Micro mobile threat analysts Echo Duan and Jesse Chang found, the now-fixed security bugs can be abused by attackers for gaining access to the sensitive information stored by users on devices running vulnerable SHAREit versions.

Researchers have identified a set of threat actors with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. As noted, the point of entry for the attacks was Accellion FTA, a 20-year-old legacy product used by large corporations around the world.

Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off. News of NurseryCam's compromise was conveyed to the company by The Register just after 5pm on Friday, leading the firm to tell parents: "On 17:18 Friday 19th February 2021, it has come to our attention of a cyber incident detected in our NurseryCam system."

Two of the areas that we had mentioned by a lot of our CISOs were security automation and application security. In the case of security automation, it's well known that there is a big talent shortage in the security market.

Team8 surveyed cybersecurity leaders to find out where they will spend their money in 2021.

A new macOS malware known as Silver Sparrow has silently infected almost 30,000 Mac devices with malware whose purpose is a mystery. In a collaboration between Red Canary, Malwarebytes, and VMware Carbon Black, researchers have found a new Mac malware that exhibits unusual properties, including a component explicitly compiled for the new Apple M1 chip.

Social news community site Reddit announced on Monday that it has hired Allison Miller as Chief Information Security Officer and VP of Trust. Miller joins Reddit from Bank of America where she most recently served as SVP Technology Strategy & Design, and had been overseeing technology design and engineering delivery for the bank's information security organization.

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. "To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.

A South Carolina county continues to rebuild its computer network after what it called a sophisticated hacking attempt. Hackers sent an email Jan. 22 that allowed them to take over Georgetown County's computers.

A piece of malware that has infected almost 30,000 Mac computers has triggered questions over its intent and ultimate payload. SEE: Security Awareness and Training policy. Based on data from Malwarebytes, the malware dubbed Silver Sparrow by researchers at Red Canary, has so far landed on 29,139 macOS machines across 153 countries, including the US, UK, Canada, France and Germany.