Security News > 2021

As Security Operations Centers mature, they need to tackle some tough challenges with respect to data, systems and people. As Security Operations Centers mature and transition to become detection and response organizations, they need to tackle some tough challenges with respect to data, systems and people.

The new Windows 10 News and Interests taskbar news feed feature is now rolling out to Windows 10 devices worldwide. Similar to Google Discover, News and Interests will build an interests profile for logged-in users based on their historically read content.

Anti-malware vendor Trend Micro is warning that attackers are attempting to exploit a previously patched vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines. "This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability," the researchers said.

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.

A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system. There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.

Update: QNAP confirmed that Qlocker ransomware has used the removed backdoor account to hack into some customers' NAS devices and encrypt their files. T]he so-called Qlocker ransomware took advantage of one of the patched vulnerabilities in HBS to launch a hostile campaign, targeting QNAP NAS directly connected to the Internet with unpatched old versions of HBS. QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS devices using hardcoded credentials.

DDoS attacks have dominated the charts in terms of frequency, sophistication, and geo-distribution over the last year. While there are no signs of DDoS attacks going away anytime soon, how do organizations ensure that their Internet assets are protected against threats of any size or kind?

Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks.

British domestic spy agency MI5 wants to dispel the idea it is staffed by martini-quaffing layabouts who spend implausible amounts of time lounging around top-end bars and hotels. The first post by MI5 on Instagram was a photo of the entrance to its London HQ. We are sure MI5 is happy to have contributed towards Facebook's object-recognition AI project, given how the agency greedily hoovers up data about Britons' online habits in the hope of finding enemy spies, terrorists, criminals, and so on.

When the pandemic struck, schools had to adapt quickly with a wholesale shift to remote learning. Attackers took immediate advantage of this change, targeting newly implemented technologies to access resources and steal data.