
Trucking Giant Says Ransomware Attack Had $7.5M Impact
2021-02-04 20:30

In a filing with the Securities and Exchange Commission this week, North American trucking and freight transportation logistics giant Forward Air Corporation said a December 2020 ransomware attack had an impact on its fourth quarter financial results. In a December 2020 filing with the SEC, the company revealed that a ransomware incident affected its operational and information technology systems, causing service delays.

Cisco Patches Critical Vulnerabilities in Small Business Routers, SD-WAN
2021-02-04 20:23

Cisco this week released software updates to address multiple vulnerabilities across its product portfolio, including critical severity bugs in several small business VPN routers and SD-WAN products. The company warned that the web-based management interface of small business RV160, RV160W, RV260, RV260P, and RV260W VPN routers is affected by seven severe vulnerabilities that could be abused by unauthenticated, remote attackers to execute arbitrary code as root.

How to compile NGINX for ModSecurity support on Ubuntu Server 20.04
2021-02-04 20:18

Jack Wallen walks you through the manual process of installing ModSecurity for NGINX on Ubuntu Server 20.04. ModSecurity cannot be enabled with an instance of NGINX installed with apt-get, so you must do it manually.

Google fixes Chrome zero-day actively exploited in the wild
2021-02-04 20:10

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement reads.

How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well
2021-02-04 19:32

A team from Google has now posted at length about the issue in the hope of "sparking industry-wide discussion and progress on the security of open source software." The post - called "Know, Prevent, Fix" - is co-authored by Eric Brewer, VP of infrastructure at Google; distinguished engineer Rob Pike; principal software engineer Abhishek Arya; program manager, Open Source Security, Anne Bertucio; and product manager Kim Lewandowski.

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
2021-02-04 19:31

Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. Back in November, cybercriminals attacked hundreds of thousands of Spotify users utilizing this approach, prompting the streaming music service to issue password-reset notices.

Nespresso Smart Cards Brewed with Weak Security
2021-02-04 19:26

Researchers have demonstrated how to outsmart Nespresso Pro machines that use certain smart cards, hacking them to dispense coffee on demand. Some of the commercial machines accept Mifare Classic stored-value smart cards, which allow users to load money onto the cards to use in the machines.

Hackers steal StormShield firewall source code in data breach
2021-02-04 18:41

Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company's support ticket system and steal source code for Stormshield Network Security firewall software. StormShield is a French cybersecurity firm that develops UTM firewall devices, endpoint protection solutions, and secure file management solutions.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts
2021-02-04 18:02

Facebook told KrebsOnSecurity it seized hundreds of accounts - mainly on Instagram - that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Windows 10 2004 now in broad deployment, available to everyone
2021-02-04 18:01

Microsoft has announced that Windows 10, version 2004 has now been added to the broad deployment channel and will be available to everyone via Windows Update. Microsoft officially started rolling out Windows 10 2004 in May 2020, but for many people, it wasn't yet being offered when checking via Windows Update.