Security News > 2021

Despite my best efforts to come up with a brilliant "Thought leadership" piece on what I think the Biden Administration should do, the best answer has already been written and published in March of 2020 as the 2020 Cyberspace Solarium Commission Report. Co-chaired by Senator Angus King and Representative Mike Gallagher, the bipartisan Cyberspace Solarium Commission proactively scrutinized U.S. cybersecurity in much the same way the 2004 9/11 Commission Report reactively assessed failings within the U.S. Intelligence Community and offered recommendations for sweeping changes.

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted - blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it.

Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. SAP applications compromised via known vulnerabilities.

Facebook this week announced that in March it removed a total of 14 networks of accounts from its online services, for spreading deceptive content meant to manipulate public opinion. Emerging from a total of 11 countries, these networks included a total of 1,167 Facebook accounts and 290 Instagram accounts, as well as 255 pages and 34 groups on Facebook, the social platform announced.

In its 2020 Consumer Threat Landscape report, Bitdefender reckoned that most malware and ransomware infections occurred in the first half of the year - with cybercrims being noticeably less active in the runup to Christmas. The company reckoned that during 2020, two-thirds of all ransomware attacks it detected in the UK happened in Q1 and Q2 - with 11 per cent of the year's total taking place in Q4. Similarly, the company reckoned 74 per cent of cryptocurrency miner malware attacks took place in H1, whereas H1 2019 saw 54 per cent of the year's detected total taking place.

In its 2020 Consumer Threat Landscape report, Bitdefender reckoned that most malware and ransomware infections occurred in the first half of the year - with cybercrims being noticeably less active in the runup to Christmas. The company reckoned that during 2020, two-thirds of all ransomware attacks it detected in the UK happened in Q1 and Q2 - with 11 per cent of the year's total taking place in Q4. Similarly, the company reckoned 74 per cent of cryptocurrency miner malware attacks took place in H1, whereas H1 2019 saw 54 per cent of the year's detected total taking place.

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

A researcher has disclosed the details of a series of vulnerabilities that could have been exploited by an attacker to access an organization's private pages on GitHub. GitHub Pages is a service that individuals and organizations can use to host websites.

According to the Verizon Business Mobile Security Index 2021, the massive shift to remote work caused by the COVID-19 pandemic left many businesses knowingly vulnerable to attacks from employees' mobile devices. Of the more than 850 businesses surveyed for the report, 40% said mobile devices are their company's biggest IT security threat, yet 45% still sacrificed the security of mobile devices to enhance useability, meeting business needs or meeting project deadlines or productivity targets.

The leak of personal data from more than 533 million Facebook users was scraped from their profiles by malicious actors because of a security flaw in the company's platform prior to September 2019, the social media giant said Tuesday. Threat actors posted that data to a public hacker forum over the weekend, once again raising privacy concerns and putting Facebook in the middle of controversy over its protection, or lack thereof, of user data.