Security News > 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.

As you probably know, the server side of a TLS connection usually submits a so-called digital certificate right at the start of proceedings. If the signature checks out and the CA checks out, then the TLS connection is considered verified; if not, you will see one of those "Certificate warning" pages that fraudulent or misconfigured sites provoke.

American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems. The Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.".

Microsoft has updated the icons used in File Explorer to be the new Fluent icons, and while they look great, there is a tradeoff between design and functionality. Microsoft announced last year that they were beginning a process of migrating the existing Windows 10 icons to their Fluent design system, which is supported in Windows, iOS, Android, and web applications.

Microsoft offers rewards for security bugs in Microsoft TeamsMicrosoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. SECURE Magazine issue 68 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

In 2021, Microsoft is planning to release exciting new Surface products and software updates for Windows 10. Windows 10 21H1. The first update of the year is Windows 10's Spring 2021 Update "21H1" and it's essentially based on version 2004 and version 20H2, and it'll be delivered via an enablement package.

A Windows hacker has found a never-before-seen Easter egg in the Windows 95 Internet Mail application, twenty-five years after the software was released. This week, a new Easter egg in Windows 95's Internet Mail program has been discovered by Windows hacker and developer Albacore, opening a secret window that displays a scrolling list of the developer's names.

British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. This week, customers began receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace, had suffered a data breach after a cyberattack on January 17th, 2021.

Apple has just pushed out an emergency "One-bug" security update for its mobile devices, including iPhones, iPads and Apple Watches. Just like the last emergency Apple patch, this vulnerability affects WebKit, Apple's core web browser code.

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready for exfiltration. Zimperium researchers who spotted it said that it's capable of "Stealing data, messages, images and taking control of Android phones."