Security News > 2021

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices.

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Apple has credited Clement Lecigne and Billy Leonard of Google's Threat Analysis Group for discovering and reporting the issue.

Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange. We also saw an increase in standard encrypting ransomware attacks targeting enterprise victims, such as Sierra Wireless, Stratus, and insurance giant CNA. On a different note, Danny Palmer wrote an interesting piece on how a company handled a recent ransomware attack and did not pay the ransom.

Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild. The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple's flagship iOS platform and the company said it was "Aware of reports that an exploit for this issue exists in the wild."

A squid potato masher for only $11.50. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Several German lawmakers have once again fallen victim to a cyber attack, local media said Friday, with security experts pointing the finger at Russian hackers. Hackers used phishing emails to gain access to the computers of at least seven federal MPs and 31 lawmakers in regional parliaments, according to Der Spiegel weekly.

The U.S. federal government is mulling changes to up its cybersecurity software game in the wake of the sprawling SolarWinds cyberattacks that came to light in December, including requiring data-breach notifications. In a draft executive order from President Joe Biden, software companies would be required to disclose any security issues to government users, according to a report from Reuters.

A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy. After the Clop gang stole data from jet maker Bombardier in an Accellion hack, they leaked a small amount on their ransomware data leak site.

A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy. After the Clop gang stole data from jet maker Bombardier in an Accellion hack, they leaked a small amount on their ransomware data leak site.

Email accounts of multiple German Parliament members were targeted in a spearphishing attack. It is believed that the attackers were able to gain access to the email accounts of seven members of the German federal parliament and 31 members of German regional parliaments.