Security News > 2021
Microsoft has pushed out another update to dev favourite Visual Studio Code, but opted to hold off on the Apple Silicon version after a last-minute bug reared its head. Those running Insider versions of the code wrangler on Apple hardware have access to three flavours: x64 for Intel-powered Macs, arm64 for Apple Silicon or universal, which should work natively on either. The universal option is a larger download since it includes code for both kinds of chip.
The heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. Researchers urge Google Chrome users to update as soon as possible.
Malicious actors have been abusing Plex Media Server to amplify distributed denial-of-service attacks, according to application and network performance management company Netscout. A popular personal media library and streaming solution, Plex Media Server can be used on Windows, macOS, and Linux systems to stream content, including that from network-attached storage devices, RAID storage, and the like.
Visual Studio is crashing when docking or dragging windows around after installing recently released .NET Framework cumulative update previews for Windows 10 and Windows Server.
Two state-owned utility companies in Brazil suffered separate ransomware attacks in the past week, forcing them to shut down some operations and services temporarily. In one case, sensitive data was stolen and dumped online, including network access logins and engineering plans. Centrais Eletricas Brasileiras and Companhia Paranaense de Energia both reported attacks, the latter of which appears to be the work of Darkside, which flogged data stolen from the attack online, according to a published report.
If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days: there is a zero-day bug being "actively exploited" in the older version of Chrome that will also affect other vendors' browsers. Details are intentionally scant until enough of the wider world has installed the update, but the flaw exists in how Chrome handles heap overflows in V8, Chromium's JavaScript engine.
Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems. OTORIO has worked with GE Digital to develop a free and open source tool that can be used to harden CIMPLICITY systems by ensuring that they are configured in accordance with the vendor's guidelines for security best practices.
Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020. The total amount of bug bounty rewards increased only slightly compared to 2019, when the Internet search giant paid just over $6.5 million.
In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims. Reports, including from several mainstream media publications, have speculated about the role of Microsoft services in the SolarWinds attack and other operations conducted by the same threat group.
US presidents have long tussled with their security advisers over tech. Maybe Biden's security agents could isolate his Peloton in a specially shielded room where it couldn't infect other computers, and warn him not to discuss national security in its presence.