Security News > 2021

Maybe it's sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet. At least the potentially more hazardous activities, such as storing personal data on your work machine or storying sensitive company data on your personal devices.

Roughly one million computers are getting rid of the Emotet malware after law enforcement agencies served them an update meant to trigger an uninstall process on April 25. One of the most prevalent threats of the past half a decade, Emotet first emerged in 2014 as a banking Trojan, but evolved into a malware downloader that was employed by many cybercriminals to distribute various payloads.

South Africa-based technology solutions provider Altron has acquired Lawtrust, which provides digital trust and cybersecurity solutions, for ZAR 245 million. Cybersecurity firm Coalfire purchased Neuralys Corporation, a company that has developed a cloud-based penetration testing management platform.

A technology provider says a malware attack triggered a dayslong outage that has caused reservations systems to crash at about 20 low-cost airlines around the world. A spokeswoman for Radixx's parent, Southlake, Texas-based Sabre Corp., said Friday that the company was beginning to restore service to airline customers.

Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software's In-Place Upgrade functionality. "Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested," Click Studios says.

To date, hacking has exclusively been a human activity. Separately, AIs can engage in something called reward hacking.

QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the 7-Zip open-source file archiver utility. CVE-2020-36195, an SQL injection vulnerability affecting QNAP NAS running Multimedia Console or the Media Streaming add-on.

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware network.

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. The leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K, Australia, Brazil, and Canada.

The trouble with good ideas is that, taken together, they can be very bad. It's a good idea to worry about supply chain malware injection - ask SolarWinds - and a good idea to come up with ways to stop it. It's even a good idea to look at major open-source software projects, such as the Linux kernel, with their very open supply chain, and ask - is this particularly vulnerable? After all, a poisoned Linux kernel would be bad enough to make people forget SolarWinds.