Security News > 2020 > December

Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware in attempts to further compromise their networks, after ongoing investigations of the SolarWinds supply chain attack. To build the list of victims infected with the Sunburst backdoor via the compromised update mechanism of the SolarWinds Orion IT management platform, the researchers decoded a dynamically generated part of the C2 subdomain for each of the compromised devices.

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre, announced today the coordinated takedown of Safe-Inet, a popular virtual private network service that was used to facilitate criminal activity. The service, which comes with support for Russian and English languages and has been active for over a decade, offered "Bulletproof hosting services" to website visitors, often at a steep price to the criminal underworld.

As IT departments work to plan for 2021, IT leaders will need to reevaluate, prioritize and advocate for the technical and interpersonal needs of their employees. While leaders need to encourage continued training for their team members, an effective leader has the self-awareness to know where they personally need to develop.

This accelerated digital transformation served as a forcing function that brought IT and security together to reconcile legacy technology, identify risks in the supply chain, narrow the expanding attack surface and realign programs to support core business objectives. Due to security teams implementing new network configurations and security controls essentially overnight, there is a high potential of new risks being introduced through misconfiguration.

New account fraud based on ID verification declined 23.2% worldwide YOY in 2020, compared to 2019 results, according to Jumio. Selfie fraud rates higher than fraud based on government-issued ID. The report examines fraudulent attempts to open a new account using a manipulated government-issued ID and a corroborating selfie.

In the Department of Defense the display reinvigorated interest in counter-swarm tactics research, for drones and swarming tactics can have applications in all warfighting domains. It enables Kaminer's group to establish a multi-university, multi-year effort to develop an operational planning simulation for defense against an attacking drone swarm.

Europe was flat at 5% and 37%, respectively, and China improved markedly to 47% and 60%. On a positive note, 76% of CFOs expect the U.S. economy to improve in 2021 - reassuring but not surprising given how it fared in 2020. Only 19% expect the economy to grow faster over the next five years than pre-pandemic - when the economy was slowing.

ColorTokens announced its ColorTokens Partner Program and Partner Portal, providing distributors, resellers, and other technology service providers the resources they need to get started in the enterprise information security market. The ColorTokens Partner Program allows easy entry for first-time cloud security partners, guiding them to develop skills, scale revenue, and achieve success.

Tufin announced the release of Tufin Orchestration Suite R20-2, integrating network security policy best practices with external risk assessment tools to help users evaluate network access risks and minimize their attack surface. "With the latest release of the Tufin Orchestration Suite, we've expanded risk analysis to include additional sources of information beyond Tufin's Unified Security Policy."

D-Link has announced its latest DXS-3610 series Layer 3 Stackable 10G Managed Switches that offer high scalability, high availability, and high redundancy. With 10G Ethernet switching capacity of up to 2.16 Tbps, forwarding rates of up to 1607 Mbps, and 100G uplink port speeds, the DXS-3610 series is extremely powerful.