Security News > 2021

CloudLinux announces the expansion of its affordable Extended Lifecycle Support services for Linux distributions, by providing its own updates and security patches for several years after expiration of the products' end-of-life date. Oracle Linux 6 Extended Lifecycle Support service will be available starting in February 2021 and will extend to February 2025.

Deloitte announced its acquisition of substantially all the assets of Root9B. The deal will bolster Deloitte's existing Detect and Respond cyber client offering with R9B's deeply experienced cyber operations professionals and its award-winning threat-hunting and risk assessment solutions. "Commercial and government entities contend with cyber adversaries who use incredibly sophisticated technology to penetrate legacy defenses and take advantage of expanding attack surfaces," said Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte.

Ivanti is acquiring Cherwell to expand the reach of its Neurons platform, providing end-to-end service and asset management from IT to lines of business and from every endpoint to the IoT edge. Ivanti will continue to maintain and invest in both Cherwell and Ivanti service management platforms while working to converge the best aspects of each.

A US Air Force intelligence officer who kidnapped her daughter to Mexico and attempted to defect to Russia with top-secret information is set to spend the better part of a decade behind bars. According to court documents [PDF] her unusual story started in July 2019, when she fled her Hedgesville home and flew to Mexico City where she contacted the Russian embassy, offering classified documents that she had removed from secure locations over the past 20 years.

A US Air Force intelligence officer who kidnapped her daughter to Mexico and attempted to defect to Russia with top-secret information is set to spend the better part of a decade behind bars. According to court documents [PDF] her unusual story started in July 2019, when she fled her Hedgesville home and flew to Mexico City where she contacted the Russian embassy, offering classified documents that she had removed from secure locations over the past 20 years.

Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affected Jetson products, said Nvidia.

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate. Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "Working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.

The latest variant, still under analysis by researchers, is raising concerns given the number of past DanaBot effective campaigns. From May 2018 to June 2020, DanaBot has been a fixture in the crimeware threat landscape, according to Proofpoint, which first discovered the malware in 2018 and posted a debrief on the latest variant Tuesday.

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system. Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems.