Security News > 2021

Geico data breach exposed customers' driver's license numbers
2021-04-19 22:27

Car insurance provider Geico has suffered a data breach in which threat actors stole policyholders' driver's license numbers for over a month. Geico is the second-largest car insurance company in the United States, with over 17 million policies for more than 28 million vehicles.

Google Alerts continues to be a hotbed of scams and malware
2021-04-19 21:07

Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. While Google Alerts has been abused for a long time, BleepingComputer has noticed a significant increase in activity over the past couple of weeks.

Windows 10's multitasking feature is getting downgraded
2021-04-19 20:42

In 2018, Microsoft introduced a multitasking feature called "Windows Timeline" that lets you see a timeline of activities that you performed in Windows 10, including the webpages you visited, documents you created or opened, photos you added, and more. Windows Timeline, which can be accessed using the Win+Tab shortcut, logs and organizes activities that you do on your PC and lets you sync the contents to other devices.

WordPress core contributor proposes treating Google FLoC as a security vulnerability
2021-04-19 20:27

A proposal by a WordPress core contributor to treat Google's FLoC ad tech as a security vulnerability, and therefore backport an automatic opt-out to previous WordPress versions, shows the depth of community opposition to the technology. Now a WordPress Core contributor has proposed treating "FLoC as a security concern."

Russian Security Vendor Positive Technologies Dropped From MAPP Member List
2021-04-19 20:10

Following sanctions announced by the U.S. Department of the Treasury last week, Russian cyber-security firm Positive Technologies says the accusations are groundless. Positive Technologies, one of the sanctioned organizations, says it has thousands of customers in 30 countries, including large banks and telecommunications companies, but also lists on its website the Russian government as being one of its customers.

WordPress 5.7.1 Patches XXE Flaw in PHP 8
2021-04-19 20:03

WordPress has released version 5.7.1 of its popular content management system, which brings more than 25 bug fixes, including patches for two security vulnerabilities. One of the patched security flaws is an XML External Entity vulnerability in the ID3 library in PHP 8, which is used by WordPress.

NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
2021-04-19 19:23

The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. According to an analysis by Bleeping Computer, the ransomware verifies that the provided Discord gift codes are valid, and decrypts the files using an embedded static decryption key.

Won't somebody please think of the children!!! UK to mount fresh assault on end-to-end encryption in Facebook
2021-04-19 18:45

UK Home Secretary Priti Patel will badmouth Facebook's use of end-to-end encryption on Monday evening as she links the security technology with paedophilia, terrorism, organised crime, and so on. The ever-popular politician will say at the National Society for the Prevention of Cruelty to Children event: "Sadly, at a time when we need to be taking more action, Facebook are pursuing end-to-end encryption plans that place the good work and progress achieved so far in jeopardy."

After Virginia passes new privacy law, states race to catch up to CCPA and GDPR
2021-04-19 18:33

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law. "Virginia is now just the second state to pass a comprehensive privacy bill. While we're pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it. This bill has some important privacy provisions, but consumers need more practical options for controlling their data."

Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks
2021-04-19 18:01

The last 12 months have seen emerging types of extortion attempts on the part of ransomware operators. Some ransomware operators, such as the SunCrypt gang, are mounting follow-on denial-of-service attacks to put the screws to victims.