
What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve
2021-02-03 19:18

Dr Jason R.C. Nurse is an Associate Professor in Cyber Security at the University of Kent, and a Visiting Academic at the University of Oxford. As part of the Sophos Evolve 2020 event, Jason joined Doug Aamoth, Sophos product marketing director, and Sara Eberle, senior director of public relations, to talk about his work.

Microsoft fixes issue causing Windows 10 apps to forget passwords
2021-02-03 19:12

Microsoft has addressed a known issue impacting multiple Windows 10 apps and causing them to forget users' passwords after upgrading devices to certain Windows 10, version 2004 builds. The issue was resolved in the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2. This update also comes with fixes for device deactivation issues and freezing problems while playing games full-screen.

Recent Sudo Vulnerability Affects Apple, Cisco Products
2021-02-03 18:42

Apple's macOS Big Sur operating system and multiple Cisco products are also affected by the recently disclosed major security flaw in the Sudo utility. The vulnerability was patched in Sudo 1.9.5p2. Researchers at cybersecurity firm Qualys, who discovered the bug, only tested it on several Linux distributions, such as Debian, Fedora, and Ubuntu, but did warn that most Unix- and Linux-based systems are likely affected by the vulnerability.

Cisco fixes critical code execution bugs in SMB VPN routers
2021-02-03 17:24

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

Account takeover attacks spiked in 2020, Kaspersky says
2021-02-03 17:02

Kaspersky has released the results of research into fraud detected by its Fraud Prevention platform in 2020, and the results further reinforce what we already knew: 2020 was a banner year for online fraudsters, with account takeovers dominating as the method of choice. Occurring whenever a bad actor is able to steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected by Kaspersky in 2019 to 54% by the end of December 2020.

How a global law enforcement effort took down the Emotet botnet
2021-02-03 16:49

A report released Wednesday by security firm Digital Shadows looks at how a global law enforcement effort was orchestrated to put a seeming end to the infamous Emotet malware. On Jan. 27, the European Union Agency for Law Enforcement Cooperation revealed that a global coalition of law enforcement and judicial authorities across several countries had disrupted Emotet through an endeavor known as "Operation Ladybird."

Microsoft Defender ATP detects Chrome updates as PHP backdoors
2021-02-03 16:17

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

Twitter now autoswitches to dark mode based on your OS settings
2021-02-03 15:54

If Twitter is suddenly using a dark mode theme, you are not alone. Starting yesterday, Twitter automatically switched to a dark or light theme based on your operating system settings.

Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
2021-02-03 15:40

Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Three additional critical Qualcomm bugs were reported by Google and patched by Qualcomm as part of a separate security bulletin disclosure.

Windows 10 KB4598291 update fixes device deactivation, freezing issues
2021-02-03 15:08

Microsoft has released the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2, with fixes for device deactivation issues and unresponsiveness while playing games in full-screen. After installing the KB4598291 non-security update you may experience issues with system and user certificates getting lost when updating from Windows 10 1809 or later versions utilizing outdated update media.