Security News > 2021
Roid 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. In the name of privacy, the Google developers made it possible to use a randomized MAC address, starting with Android 8.
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.
An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks. Researchers have identified Raindrop as one of the tools used for those follow-on attacks.
Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service attacks and cryptomining. It is actively adding infected Linux devices to a botnet, and has the ability to launch DDoS and network flooding attacks, as well as cryptomining activity.
A bug in Google Search is causing a browser tab to freeze when searching between a specified range of dates. Google has a search feature under the Tools > Any Time drop-down menu that allows you to search for content published within a specific date range.
Peachtree Corners, GA, a city northeast of Atlanta known for its pioneering use of smart city technology, is adding a new tool to its lineup: Artificial intelligence-powered software that gives security cameras the ability to tell if people are violating COVID-19 regulations. The software, created by UK-based CCTV tech company Cawamo, can be used on any security camera, meaning there's no need to buy new hardware in order to use it.
Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," Malwarebytes CEO and co-founder Marcin Kleczynski said.
The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information. Those that maintain the forum for the Linux-based open-source firmware said the forum was breached in the early hours of Saturday Jan. 16, though how attackers got in remains unknown, according to a security notice posted to the forum's home page.
The UK's Information Commissioner's Office needs to update its Code of Employment Practices to tackle workplace spying by bosses, the Prospect trade union and the Labour Party have said. The call for more regulation of workplace surveillance comes after recent reports of new gadgets designed to tell bosses whether their toiling underlings are happy or sad. It also echoes previous calls by Prospect for stronger regulation of workplace surveillance tech.
Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews. For all alerts, Microsoft Defender for Endpoint automatically starts an investigation on the machine, inspecting files, processes, registry keys, services, and anything else that may contain threat-related evidence.