
Windows 10 KB4598291 update fixes device deactivation, responsiveness issues
2021-02-03 15:08

Microsoft has released the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2, with fixes for device deactivation issues and unresponsiveness while playing games in full-screen. After installing the KB4598291 non-security update, you may experience issues with system and user certificates getting lost when updating from Windows 10 1809 or later versions utilizing outdated update media.

6 enterprise security software options to keep your organization safe
2021-02-03 15:05

Enterprise security software is essential to protecting company data, personnel, and customers. Enterprise security software comes in many forms and flavors.

Microsoft Sees Spike in BEC Attacks Targeting Schools
2021-02-03 14:36

In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise attacks targeting K-12 school teachers by impersonating their colleagues. "We detected a recent spike in business email compromise attacks soliciting gift cards primarily targeting K-12 school teachers. Attackers impersonate colleagues or school officials to ask recipients to purchase various gift cards," Microsoft Security Intelligence warned.

SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems
2021-02-03 13:40

Cybersecurity firm Trustwave on Wednesday reported that one of its researchers recently discovered several potentially serious vulnerabilities in products made by Texas-based IT management solutions provider SolarWinds. SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company's Orion monitoring product, and a few hundred (ones that presented an interest to the attackers) getting other malware that may have given the hackers deep access into their networks.

SolarWinds Orion exploited by another group of state-sponsored hackers
2021-02-03 13:02

Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday. Unlike the alleged Russian attackers who inserted malware directly into the company's Orion network monitoring platform by compromising its build environment, another group has simply found and exploited a vulnerability in the software.

Weak ACLs in Adobe ColdFusion Allow Privilege Escalation
2021-02-03 12:59

A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. This week, Will Dormann, a security researcher with Carnegie Mellon University's CERT Coordination Center, revealed that the Adobe ColdFusion installer doesn't create a secure access-control list on the default installation directory.

Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
2021-02-03 12:30

How it gets onto servers is unclear, though systems infected by Kobalos have their SSH client tampered with to steal usernames and passwords, and presumably server addresses, that are typed into it. These details could be used by the malware's masterminds to log into those systems to propagate their malware.

China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report
2021-02-03 12:12

Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday. In late December, a few weeks after it came to light that Texas-based IT management solutions provider SolarWinds was targeted in a sophisticated supply chain attack, researchers from several organizations revealed that one of the pieces of malware they had analyzed, dubbed Supernova, had apparently been used by a second group that was not related to the supply chain attack.

More SolarWinds News
2021-02-03 12:10

We have published our in-depth analysis of the Solorigate backdoor malware, the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices. One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader.