Security News > 2021

In practice few who install such systems add such capabilities as IP address detection white lists, or if they do make them too broad for various non technical reasons. Further the use of a secure rolling time credential token or other non time static credential would have twarted such an attack.

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions. Chrome Sync is a browser feature designed to automatically synchronize a user's bookmarks, history, passwords, and other settings after they log in with their Google account.

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. The phrase "Exploit exists in the wild" is shorthand for "The crooks found this vulnerability before we did and are already using it in real-life attacks".

Reg reader Andy told us: "Got an email from SitePoint this morning saying that they had been hacked and some non-important stuff like names, email addresses, hashed passwords etc might have been stolen. Coincided with a big increase in spam that I've been getting but that's probably coincidence." An email sent to SitePoint users and seen by The Register confirmed the hack, though at the time of writing, the company has not published anything about it on its website or social media accounts.

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout. Cybercriminals who hire themselves out for DDoS campaigns are beefing up their attacks by abusing a popular media library tool.

Atlanta-based packaging giant WestRock on Friday shared an update on the recent ransomware incident that impacted the company's information technology and operational technology systems. "The Company's mill system production through February 4 was approximately 85,000 tons lower than plan," the company said in a press release on Friday.

Microsoft has announced today that Microsoft Edge Legacy will be permanently removed and replaced with the new Microsoft Edge after installing April's Windows 10 Patch Tuesday security update. "To replace this out of support application, we are announcing that the new Microsoft Edge will be available as part of the Windows 10 cumulative monthly security update-otherwise referred to as the Update Tuesday release-on April 13, 2021," the Microsoft Edge Team said.

The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. This week SitePoint users told BleepingComputer that they received extortion and fake cryptocurrency giveaway emails to addresses that they state were specifically created for and only used at SitePoint.

Microsoft has warned of an increasing number of consent phishing attacks targeting remote workers during recent months, BleepingComputer has learned. Consent phishing is an application-based attack variant where the attackers attempt to trick targets into providing malicious Office 365 OAuth apps with access to their Office 365 accounts.