Security News > 2022 > February

Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service. The Mozilla Maintenance Service is an optional Firefox and Thunderbird service that makes application updates possible in the background.

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. The intelligence playing field is leveling - and not in a good way.

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems. Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer.

Case in point: One of the most stressful remote work experiences involves mandated Windows password changes on a company-issued laptop. You can't get into your workstation to launch the VPN to try to correct the problem with another password reset on your own.

Vodafone Portugal suffered a cyberattack causing country-wide service outages, including the disruption of 4G/5G data networks, SMS texts, and television services. The cyberattack began last night with Vodafone calling the incident "a deliberate and malicious attack intended to cause damage."

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

The Chinese hackers responsible for an attack on media giant News Corp last month likely were seeking intelligence to serve China's interests in a cyberespionage incident that shows the persistent vulnerability of corporate networks to email-based attacks, security professionals said. In an email to staff, News Corp cited a "foreign government" as responsible for the "persistent nation-state attack" and confirmed that "some data" was stolen, according to published reports.

Sebastien Vachon-Desjardins, a Canadian man charged by the US for his involvement in NetWalker ransomware attacks, was sentenced to 6 years and 8 months in prison after pleading guilty before an Ontario judge to multiple offenses linked to attacks on 17 Canadian victims. The US Department of Justice said in January 2021 that Desjardins allegedly obtained more than $27.6 million after multiple successful attacks and extortion attempts since April 2020, when he first took up his new ransomware affiliate role.

Optionis, the group that includes umbrella and accountancy companies providing services to tech contractors, has confirmed that, following last month's digital break-in, customer data is being leaked online. Parent Optionis Group later said that divisions SJD Accountancy and Nixon Williams were also hit.

After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication, Google announced that an additional 150 million users now have 2FA enabled. Google first announced in May 2021 that it strives to push all its users to start using 2FA, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.