Security News > 2021

Microsoft announced today that the SolarWinds hackers gained access to source code for a limited number of Azure, Intune, and Exchange components. After internal investigations of their use of the SolarWinds platform, Microsoft announced in December that they were affected by the attack and that hackers could gain access to a limited amount of source code repositories.

The FBI published this warning on Wednesday as an IC3 public service announcement and as a Private Industry Notification issued to private sector organizations in coordination with DHS-CISA. Attacks on emergency services can lead to loss of lives. "The IC3 has become aware of increased coercion tactics used by the subjects, which have created a threat to emergency services across the nation," the FBI said in a public service announcement from January 2013.

Three months after Apple launched its new M1 system-on-a-chip, cybercriminals have developed what may be the first malicious macOS application targeting the mobile giant's first in-house silicon. The main differentiator here is that the application includes code tailored to run on ARM-based M1 processors - rather than only the Intel x86 processors previously utilized by Apple.

Apple on Thursday published the latest edition of its Platform Security Guide, which provides detailed technical information on the security technologies and features implemented in its products. Apple started releasing security guides for its iOS operating system in 2015 and since 2019 has been publishing platform security guides that encompass information on iOS, macOS and hardware.

NVIDIA is purposely crippling the Ethereum mining power of their upcoming GeForce RTX 3060 GPU by 50% to increase inventory for gamers. Today, NVIDIA announced the upcoming launch of the GeForce RTX 3060 on February 25th for $329, and has made a drastic step to make sure miners do not steal all of the released inventory.

The FBI, CISA, and US Department of Treasury shared detailed info on malicious and fake crypto-trading applications used by North Korean-backed state hackers to steal cryptocurrency from individuals and companies worldwide in a joint advisory published on Wednesday. "It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea-the applications enable them to gain entry into companies that conduct cryptocurrency transactions and steal cryptocurrency from victim accounts."

French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France. The attacks at the hospitals in Dax and Villefranche-sur-Saone prompted the transfer of some patients to other facilities as the French health care system is under pressure from the coronavirus pandemic.

A vulnerability in an SDK that allows users to make video calls in apps like eHarmony, Plenty of Fish, MeetMe and Skout allows threat actors to spy on private calls without the user knowing. Healthcare apps such as Talkspace, Practo and Dr. First's Backline, among various others, also use the SDK for their call technology.

More organizations are producing and consuming cyber threat intelligence than ever before, and those measuring the effectiveness of their CTI programs is higher than ever - jumping from 4% in 2020 to 38% in 2021, according to the SANS 2021 Cyber Threat Intelligence Survey. A few areas where CTI adoption seems to be lacking are in integration, automation and operationalizing threat intelligence.

A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting vulnerability on iCloud.com. Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings.