Security News > 2021

Microsoft fixes PowerPoint crashes in Office February updates
2021-02-04 14:17

Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products. Three of the Office February 2021 non-security updates apply to the entire Microsoft Office 2016, Microsoft Office 2013, and Microsoft Office 2010 software suites, while four others address issues affecting the PowerPoint and Outlook apps.

Number of ICS Vulnerabilities Continued to Increase in 2020: Report
2021-02-04 14:16

The number of vulnerabilities discovered in industrial control system products in 2020 increased significantly compared to previous years, according to a report released on Thursday by industrial cybersecurity firm Claroty. According to Claroty, the number of ICS vulnerabilities disclosed in 2020 was nearly 25% higher compared to 2019 and close to 33% higher than in 2018.

Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
2021-02-04 13:21

Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal. The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security.

Clearview Facial-Recognition Technology Ruled Illegal in Canada
2021-02-04 12:52

Canadian authorities have found that the collection of facial-recognition data by Clearview AI is illegal because it violates federal and provincial privacy laws, representing a win for individuals' privacy and potentially setting a precedent for other legal challenges to the controversial technology. A joint investigation of privacy authorities led by the Office of the Privacy Commissioner of Canada came to this conclusion Wednesday, claiming that the New York-based company's scraping of billions of images of people from across the Internet represented mass surveillance and infringed on the privacy rights of Canadians, according to a release the Office posted online.

Canada Probe Concludes Clearview AI Breached Privacy Laws
2021-02-04 12:43

US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians' privacy rights, Canada's privacy commissioner said Wednesday following an investigation. "What Clearview does is mass surveillance and it is illegal," Privacy Commissioner Daniel Therrien told a teleconference.

SonicWall Patches SMA Zero-Day Vulnerability Exploited in Attacks
2021-02-04 12:15

SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access 100 series appliances to patch an actively exploited zero-day vulnerability. The company, which specializes in firewalls and other cybersecurity solutions, previously told SecurityWeek that a few thousand devices are exposed to attacks due to the vulnerability.

Another SolarWinds Orion Hack
2021-02-04 12:11

The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies. While the alleged Russian hackers penetrated deep into SolarWinds' network and hid a "back door" in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion's code to help spread across networks they had already compromised, the sources said.

Industrial control systems vulnerabilities rise as operational tech increasingly goes online
2021-02-04 11:00

Claroty said 25% more vulnerabilities were reported in 2020 than in 2019, 70% of which had high or critical CVSS scores. Industrial cybersecurity company Claroty has released its biannual industrial control systems risk and vulnerability report, which found that the number of reported vulnerabilities increased by 25% when compared to 2019, with critical infrastructure areas like manufacturing, energy, water, and commercial facilities being most affected.

Ransomware attacks increasingly destroy victims’ data by mistake
2021-02-04 08:21

More and more ransomware victims are resisting the extortionists and refusing to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. In the last quarter of 2020, Coveware received an increasing number of reports about entire clusters of servers and data shares being wiped out in ransomware attacks.

Rise in ransomware attacks mistakenly causing data destruction
2021-02-04 08:21

More and more ransomware victims are resisting the extortionists and refusing to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. In the last quarter of 2020, Coveware received an increasing number of reports about entire clusters of servers and data shares being wiped out in ransomware attacks.