Security News > 2021

Barcode Scanner, a popular Android app, slipped undesirable code into an update in early December, an update that had the potential to reach more than 10m devices though actual distribution is believed to be far less. Several weeks later, Google removed the app from Google Play.

Barcode Scanner, a popular Android app, slipped undesirable code into an update in early December, an update that had the potential to reach more than 10m devices though actual distribution is believed to be far less. Several weeks later, Google removed the app from Google Play.

"Some users claimed that files were corrupted, files were missing, the total number of credentials was smaller than advertised, and the data was of low quality," he explained - all of which led to Singularity0x01 gaining a negative reputation rating on the criminal forum. Dustin Warren, senior security researcher at SpyCloud, also took a look at the data and determined that the login combos have been in Dark Web circulation for some time.

Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. Researchers discovered two cross-site request forgery flaws - one critical and one high-severity - in the plugin.

When it comes to paying the ransom in a ransomware attack, demands are on the rise. Pandemic-themed phishing scams, a sustained onslaught of ransomware attacks and the rise of a remote global workforce all colluded to make the last 12 months particularly brutal for information-security professionals, according to the report.

There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. That does not mean that Microsoft 365 administrators cannot control certain aspects of Skype for Business using PowerShell commands.

NextGen Gallery, a WordPress plugin used for creating image galleries, currently has over 800,000 active installs, making this security update a top priority for all site owners that have it installed. Both of them are Cross-Site Request Forgery bugs which, in the case of the critical vulnerability tracked as CVE-2020-35942, can lead to Reflected Cross-Site Scripting and remote code execution attacks via file upload or Local File Inclusion.

CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. On February 2nd, 20201, CD Projekt warned that Cyberpunk 2077 users should avoid using files, such as mods that modify data files or custom save game files, due to a vulnerability in how the game uses DLL files.

Microsoft warns customers not to let their guard down even after hundreds of Emotet botnet servers were taken down in late January 2021. Telemetry data collected by Microsoft since Emotet's infrastructure was disrupted shows that the botnet has seen a drastic drop in activity, but Redmond still warns customers not to take down their defenses.

The more complex a system and the more predictable the response in general the more fragile it is to unintended input or exceptions at it's outputs. The undeniable issue is humans realy "Learn by doing" or more politely "Experience".