Security News > 2021

DefenseStorm announced the addition of Mike Shah as chief financial officer. Shah brings over 25 years of accounting and finance experience to this role, with his last 10 years focused on the financial technology software arena.

WordPress announced today that they are treating Google's new FLoC tracking technology as a security concern and may block it by default on WordPress sites. After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google's FLoC implementation just replaces one privacy risk with another one.

WordPress announced today that they are treating Google's new FLoC tracking technology as a security concern and may block it by default on WordPress sites. After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google's FLoC implementation just replaces one privacy risk with another one.

In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victim's files and then demands a Discord Nitro gift code to decrypt files. While most ransomware operations demand thousands, if not millions, of dollars in cryptocurrency, Nitro Ransomware deviates from the norm by demanding a $9.99 Nitro Gift code instead. Based on filenames for NitroRansomware samples shared by MalwareHunterteam and analyzed by BleepingComputer, this new ransomware appears to be distributed as a fake tool stating it can generate free Nitro gift codes.

The US government sanctioned this week twenty-eight cryptocurrency addresses allegedly associated with entities or individuals linked to Russian cyberattacks or election interference. The US government introduced these sanctions in an executive order by President Biden that formally announced that the Russian SVR, and its hacking division, commonly referred to as APT29, The Dukes, or Cozy Bear, were behind the recent SolarWinds supply chain attack.

New DNS vulnerabilities have the potential to impact millions of devicesForescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. FBI removes web shells from hacked Microsoft Exchange serversAuthorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. The benefits of cyber threat intelligenceIn this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence.

Google is bringing its Dinosaur Game to Apple iPhones as an iOS widget that you can add to your home screen. When Google Chrome cannot access the Internet, it displays a Dinosaur Game where you jump and duck under obstacles while waiting for the Internet to be fixed.

Twitter is suffering a worldwide outage that started last night and is continuing into Saturday morning with erratic behavior and features partially working. On mobile devices, Twitter users are being shown messages stating, "Tweets aren't loading right now. Try again."

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. In January, we reported on a new Windows 10 vulnerability discovered by Jonas Lykkegård that allows any user or program, even those with low privileges, to mark an NTFS drive as corrupted simply by accessing the special ​folder.

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. In January, we reported on a new Windows 10 vulnerability discovered by Jonas Lykkegård that allows any user or program, even those with low privileges, to mark an NTFS drive as corrupted simply by accessing the special ​folder.