Security News > 2021

We [took] the Linux kernel as target OSS and safely demonstrate[d] that it is practical for a malicious committer to introduce use-after-free bugs. The Linux kernel team was unsurprisingly unamused at being used as part of an unannounced experiment, especially one that was aimed at delivering a research paper about supply chain attacks by actually setting out to perpetrate them under cover.

TechRepublic's Karen Roby spoke with Otavio Freire, president, CTO and co-founder of SafeGuard Cyber, about security issues in collaboration software. There's a video stream, there's an audio stream, there's text, there's files.

While apps like Zoom, Slack, Teams and others are great for working from anywhere, they also create a larger attack surface.

The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers. According to researchers, Mount Locker has been a swiftly moving threat.

American aviation regulators have ordered private jet operators to install software updates for Garmin collision avoidance units after multiple reports of false alarms - raising the risk of a mid-air crash. The affected Garmin products, its GTS 8000 series, generated seven false Traffic Collision Avoidance System warnings, said the US Federal Aviation Administration in a formal Airworthiness Directive published [PDF] earlier this month.

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.

One such distribution is Parrot OS. Before we get into this, know there are two different flavors of Parrot OS-a general desktop distribution and one purpose-built for security. Parrot OS Security edition has you covered, regardless of what security issue you're digging into.

An examination of cybercrime ecosystems reveals it mirrors legitimate financial organization and market systems. "Cybercriminals need to move money and pay employees in their organization just like any other company," said Derek Manky Chief Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs.

How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically let you write to another part.

The U.S. government's Cybersecurity and Infrastructure Security Agency has raised an alarm for a new cyberattack in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes. Both the Pulse Secure virtual private network appliances and the SolarWinds platform are known targets for threat actors: the former for initial access to an environment, and the latter for performing supply chain attacks.