Security News > 2021

Snort 3 was officially released on Tuesday and users have been advised to switch to Snort 3 from any previous version of the popular intrusion prevention and intrusion detection system. Snort is an open source tool developed by Cisco that provides real-time traffic analysis and packet logging capabilities.

Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies. This previously unknown information was disclosed by security experts part of the Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center, and Microsoft Cyber Defense Operations Center.

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. The January 2021 Critical Patch Update addresses issues in both Oracle products and third-party components that are included in the company's products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.

Google Project Zero researcher Natalie Silvanovich outlined what she believes is a common theme when it comes to serious vulnerabilities impacting leading chat platforms. The research, published Tuesday, identifies a common denominator within chat platforms, called "Calling state machine", which acts as a type of dial tone for messenger applications.

VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. This release is a significant upgrade for Mac users as it provides native support for Apple Silicon and fixes audio distortion in macOS. In addition to bug fixes and improvements, this release also fixes numerous security vulnerabilities reported by Zhen Zhou of the NSFOCUS Security Team.

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does not use SolarWinds but believes that the same attacker used "Another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments".

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does not use SolarWinds but believes that the same attacker used "Another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments".

Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report. The study released Monday by the security firm Emsisoft said ransomware attacks - which encrypt and disable computer systems while demanding a ransom - affected 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities last year.

Cisco has released security updates to address pre-auth remote code execution vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. Chrome 88 also arrived with improved password protections, including a check that helps users identify weak passwords and immediately act upon the issue, to ensure better protection of their accounts.