Security News > 2021

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.

Syniverse announced they are working together with Hitachi America to empower its digital solution with Syniverse CPaaS Concierge. Syniverse and Hitachi are collaborating to offer a real-time messaging and passenger journey optimization solution to the Capital Area Transit System, the regional transit authority for the Baton Rouge, La. metropolitan area.

An Indian security researcher has publicly published a proof-of-concept exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers.

Talon Cyber Security announced that it has secured $26 million in seed funding from Lightspeed Venture Partners, Team8, serial entrepreneur Zohar Zisapel, and leading cyber angel investors. There were fundamental challenges that could not be addressed using traditional security solutions such as zero trust models or VPN. Talon's unique technology makes it possible to turn an organization's security weaknesses into resilience against cyber attacks without compromising an employee's privacy or productivity.

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users into downloading and installing malicious applications linked to the malicious code built into the APKpure app.

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system.

Cohesity announced it has named Brian Spanswick chief information security officer, a new position at the company. A longtime technology and cybersecurity veteran, Spanswick will play a key role in advancing IT and security for both Cohesity and its customers - critical as the data management company continues to experience rapid growth while helping customers combat the ongoing threat of ransomware attacks.

Raytheon Technologies announced that Chief Financial Officer Anthony O'Brien has stepped down from his role as CFO. Neil Mitchill, corporate vice president, financial planning & analysis and investor relations for Raytheon Technologies and former CFO of Pratt & Whitney, has been appointed as CFO of Raytheon Technologies and will report directly to Chief Executive Officer Greg Hayes. In 2019, Mr. Mitchill was named as acting senior vice president and CFO of United Technologies Corporation, a role in which he served until the merger with Raytheon Company, when he was appointed corporate vice president, financial planning & analysis and investor relations of Raytheon Technologies.

Cambridge Quantum Computing announce the appointment of Prof. Stephen Clark as Head of Artificial Intelligence. Prior to DeepMind, Prof. Clark spent 10 years as a member of faculty at the University of Cambridge Department of Computer Science and Technology, where he was Reader in Natural Language Processing.

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. "Various details of the attack indicate that the attackers had carefully analyzed the infrastructure of the targeted organization and prepared their own infrastructure and toolset based on the information collected at the reconnaissance stage," said Vyacheslav Kopeytsev, a security researcher at Kaspersky ICS CERT. The disclosure comes days after the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warned of advanced persistent threat actors actively scanning for Fortinet SSL VPN appliances vulnerable to CVE-2018-13379, among others.