Security News > 2021

Misconfigured Baby Monitors Allow Unauthorized Viewing
2021-02-16 16:50

A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera's video stream, according to researchers. "A server header is a strip of information provided with RTSP that details numerous factors, including the device type. The server header gives us evidence of which devices provide unauthorized access."

Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches
2021-02-16 16:47

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week's Patch Tuesday security updates. Microsoft said that the erroneous servicing-stack update froze installations for the "Cumulative Update" from the recent Windows Update.

LastPass Free to force users to choose between mobile, desktop
2021-02-16 15:57

Today, LastPass began emailing customers of their Free service with news that starting on March 16th, 2021, users will no longer be allowed to use the service on both mobile and computer desktops simultaneously. According to this email, LastPass Free users will be able to use the service on their Android and iOS mobile devices simultaneously but not on computers, or vice versa.

Facebook Announces Payout Guidelines for Bug Bounty Program
2021-02-16 15:19

Facebook on Tuesday announced several new features for its bug bounty program, including an educational resource and payout guidelines. The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories.

Microsoft confirms Windows 10 21H1 will run on existing hardware
2021-02-16 15:08

Microsoft has officially confirmed that Windows 10, version 21H1 will be the next Windows 10 update to be released later during the spring of 2021. Windows 10 21H1 will come with no hardware requirement changes when compared to Windows 10 20H2, the previous release, according to a blog post on the company's official Windows Hardware Certification blog.

Malvertisers exploited browser zero-day to redirect users to scams
2021-02-16 14:39

The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million.

Microsoft pulls Windows KB4601392 for blocking security updates
2021-02-16 14:31

Microsoft has pulled a problematic Windows servicing stack update after it blocked Windows 10 and Windows Server customers from installing the security updates released during this month's Patch Tuesday. Servicing stack updates are designed to provide fixes to the Windows servicing stack, the component used by the OS to correctly receive and install updates.

Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
2021-02-16 14:08

An Android app that's been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk attacks on people's devices, researchers discovered. The flaws exist in an app called SHAREit, which allows Android app users to share files between friends or devices.

Top 5 security risks to connected cars, according to Trend Micro
2021-02-16 14:02

Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars. A new report from Trend Micro analyzes a day in the travels of a connected car to identify the cyberattacks most likely to succeed.

Strata Raises $11 Million to Tackle Multi-Cloud Identity Management
2021-02-16 14:00

Strata Identity, a Boulder, Colo.-based startup that is on a mission to help unify on-premises and cloud-based authentication and access systems for multi-cloud environments, today announced that it has raised $11 million through a Series A funding round led by Menlo Ventures with support from ForgePoint Capital. With businesses increasingly using multiple cloud providers, managing identity and security policies across various cloud platforms can be challenging.