The U.S. Coast Guard has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches if they suspect they have been affected by the SolarWinds supply-chain attack. "Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security."
As you know, our usual advice for Patch Tuesday boils down to four words, "Patch early, patch often." As well as the four potential RCE holes mentioned above, there's also a patch for a bug dubbed CVE-2021-1732 that is already being abused in the wild by hackers.
In Part 1 of this two-part series, we discussed the concept of "cyber distancing" for employees asked to work from home during the COVID-19 pandemic. While working from home, or even while at work for that matter, follow these steps to avoid behaviors that may let the bad guy in.
Users whose personal details have been exposed by a third-party breach, Australians, older folks and those who use both desktops and mobile devices are at the highest risk of becoming the victim of a malicious email attack, according to Google and researchers from Stanford, who teamed up to determine who has the highest risk of being targeted. Users who had personal data exposed in a third-party breach were five times more likely to be targeted by phishing or malware, according to the report, which highlights just how damaging these types of data breaches can be, even in the long run.
CYE, a Tel Aviv, Israel-based company on a mission to help companies identify "real-life" cyber risks by leveraging humans and machines, announced today that it has raised $100 million in growth funding through a financing round led by private equity firm EQT. By assessing possible attack routes to valuable assets, CYE helps companies allocate resources and focus on remediation efforts more effectively, and can battle-test how security strategies evolve over time. The company explains that by leveraging ethical hackers, combined with its technology, it conducts "non-simulated attacks" to provide deep organizational assessments, present real business risks and offer cost-effective remediation plans to optimize security investments.
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. The patch released during the August 2020 Patch Tuesday rolled out in two phases and it forces secure Remote Procedure Call communication for machine accounts on Windows devices, trust accounts, as well as all Windows and non-Windows Domain Controllers.
Dating has been a lot tougher for singles since the onset of the COVID-19 pandemic, forcing many people onto dating apps to supplement the real thing. Most dating apps require users to enter a significant amount of information for safety purposes, but a new report from Mozilla has found that some of the most popular dating apps take a lot more data from you than you'd expect.
Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts. The solution is not so easy if a cybercriminal has stolen the account credentials and changed not only the password, but the associated email address too.
Over 400 individual malicious Valentine's Day-themed phishing email campaigns were spotted on a weekly basis in January, according to Check Point Research. The fraudulent email sent the year has not changed and the company address is written in lower-case, according to Check Point.
Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets - including sports stars, musicians, and "influencers" - that had money and personal data stolen. Last year unauthorised third parties took over the Twitter accounts of 130 celebrities including Elon Musk, Bill Gates, and former US president Barack Obama.