Hello readers!
In today's Inside Security, our premium content offers the PATCH WATCH feature with the latest security patches from leading vendors. For example:
- Google patched 36 vulnerabilities in its Android operating system and related components, including a critical remote code execution (RCE) bug in System and high-severity bugs in System, Framework, and Media Framework.
Also in today's issue is SECURITY M&A AND FUNDING column with the latest security mergers and acquisitions news in addition to startup funding news, such as:
- Infinidome (Caesarea, Israel), a GPS cybersecurity startup: $2.4M in Pre-series A funding led by Next Gear Ventures with participation from Honeywell Ventures.
ICYMI, check out the CISO CORNER section in which I interview NS1 CISO Ryan Davis about the challenges CISOs face on a daily basis.
If you'd like to read this special content, Inside Security is offering a 14-day free trial. To sign up, click here. Plus, if you sign up now, you get to enjoy Inside Security five days a week!
ALSO: We have a referral program, so you can make sure your friends, family, and colleagues get all the information Inside's newsletter family provides.
This week, we will gift $500 to the reader whose referrals result in the highest number of new subscriptions.
Just scroll down to the bottom of the newsletter and click to share!
Thanks for your support!
Fred
Inside Security is kicking off a new premium feature that provides a quick summary of the latest news. If you'd like to get this summary every day, click here to upgrade to premium!
PATCH WATCH: Google fixes 36 Android bugs
Google patched 36 vulnerabilities in its Android operating system and related components, including a critical remote code execution (RCE) bug in System and high-severity bugs in System, Framework, and Media Framework.
To receive the full list of security patches and this feature on a weekly basis, start your FREE 14-day trial of premium!
Key senators from the Homeland Security and Governmental Affairs Committee are concerned that U.S. federal agencies have not fully disclosed the extent of the damage caused by the SolarWinds hack. The senators sent letters to the head of the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Chief Information Security Officer requesting documents related to the attack, including those that detail which accounts were compromised.
More:
- The senators who sent the letters are Sen. Gary Peters (D-Mich.), the committee chair, and Sen. Rob Portman (R-Ohio), the top Republican on the committee.
- The lawmakers also asked for the Department of Homeland Security's (DHS) "current cybersecurity strategy and implementation plan and intrusion assessment plan" and analysis of the EINSTEIN intrusion prevention system's performance.
- The senators were responding to a report that the SolarWinds attackers were able to access email accounts of top DHS officials in the former Trump administration.
Zoom Out:
- The SolarWinds hack, carried out by suspected Russian attackers, compromised the networks of nine federal agencies and more than 100 U.S. companies through malicious updates to the company's Orion network monitoring software.
AP
SECURITY M&A AND FUNDING: Infinidome snags $2.4M
Infinidome (Caesarea, Israel), a GPS cybersecurity startup: $2.4M in Pre-series A funding led by Next Gear Ventures with participation from Honeywell Ventures.
To read more, click here to upgrade to premium!
To reduce memory safety bugs, Google is supporting the Rust programming language for Android operating system development. Rust provides memory safety guarantees by using compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid.
More from Google:
- Google estimates that memory safety bugs make up 70% of Android's high-severity security vulnerabilities.
- Memory safety bugs in the C and C++ programming languages continue to be the most difficult-to-address vulnerabilities.
- Google stressed that memory-safe languages, like Rust, are the most cost-effective means for preventing memory bugs.
Zoom Out:
- Attackers are increasingly using Android vulnerabilities to spread malware and malicious apps, according to a recent report by Bitdefender. More than one-third of Android malware detected in 2020 came from the Android.Trojan.Agent family, followed by Android.Trojan.Downloader at 10% and Android.Trojan.Banker at 7%.
9TO5 GOOGLE
Security researchers at the Pwn2Own 2021 hacking competition were able to hack into Microsoft Teams, Exchange, and Windows 10, as well as Apple's Safari browser. The competition, sponsored by Trend Micro's Zero Day Initiative (ZDI), is being conducted this week at various locations, with 23 separate entries targeting 10 high-profile products.
More from ZDI:
- Jack Dates from RET2 Systems used an integer overflow bug in Safari and an out-of-bounds write bug to get kernel-level code execution, earning $100K.
- A team from Devcore combined authentication bypass and local privilege escalation bugs to take over a Microsoft Exchange Server, earning $200K.
- A researcher known as OV combined a pair of bugs to demonstrate code execution on Microsoft Teams, earning $200K.
- A team from Viettel used an integer overflow bug in Windows 10 to escalate from a regular user to system privileges, earning $40K.
Zoom Out:
- Pwn2Own is a hacking competition that began in 2007 as part of the CanSecWest security conference held in Vancouver. Security researchers compete to find and exploit zero-day bugs in popular software and mobile devices and win bug bounties in the process.
DARK READING
EU officials said that multiple EU institutions have experienced a "security incident" that affected their IT infrastructure. The officials stressed that the incident did not involve a significant data breach.
More:
- The European Commission is working with the CERT-EU and an unidentified IT vendor whose software was involved to investigate the incident.
- The commission has set up a 24/7 monitoring system and is taking mitigation measures to limit the impact of the attack.
- The European Parliament said it was informed of the incident and is taking "immediate measures" to protect its servers against the vulnerability.
Zoom Out:
- The EU is working to improve cooperation between national computer security incident response teams, law enforcement, and the judiciary when it comes to cybersecurity incidents.
CYBERSCOOP
QUICK HITS:
- Keep these things in mind to ensure reliability and professionalism when connecting to a large, remote audience.*
- Ransomware attackers have to support Windows XP when they encrypt systems running the legacy operating system.
- Booking.com was fined €475K ($565K) by the Dutch Data Protection Authority for not reporting a data breach fast enough.
- Close to one-third of organizations host sensitive data in the cloud without proper security controls, according to a report by Palo Alto Networks' Unit 42.
- A Russian hacker has recently sold $38M worth of stolen gift cards from major retailers and restaurants on an underground forum.
- You don’t need a PhD in molecular biology to understand the investment potential of this scientific breakthrough.*
* This is sponsored content
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
Editor
Charlotte Hayes-Clemens is an editor and writer based in Vancouver. She has dabbled in both the fiction and non-fiction world, having worked at HarperCollins Publishers and more recently as a writing coach for new and self-published authors. Proper semi-colon usage is her hill to die on.