Security News > 2020 > December

Kawasaki Heavy Industries on Monday revealed that information from its overseas offices might have been stolen following a security breach that occurred earlier this year. The thorough investigation, Kawasaki says, revealed that "Some information from overseas offices may have been leaked to external parties."

In a recent spate of swatting attacks, perpetrators have hijacked smart gadgets to watch or live stream the bad joke unfolding and engage the responding officers. Swatting originates from prank calls to emergency services.

Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. As the Microsoft 365 Defender Team explains, after infiltrating a target's network with the help of the Sunburst backdoor, the attackers' goal is to gain access to the victims' cloud assets.

Goodbye, 2020 - and good riddance, right? Most of us don't want to take too much from this year into the next - but let's make an exception for what we learned about security in the wake of the COVID-19 pandemic. "Coupled with a challenging home environment where devices are often shared with family members and the rapid change that occurred, there was little time to prepare and that fact has been exploited widely by hackers leveraging phishing attacks and known exploits to penetrate and maintain their hold on the remote environment. In 2021, enterprises need to focus on patching the holes in their security defenses as the majority of their workers continue to operate remotely."

The Voyager cryptocurrency brokerage platform halted trading yesterday after suffering a cyberattack targeting their DNS configuration. Voyager Digital LLC is a cryptocurrency broker that allows investors to trade assets using the Voyager mobile app.

Chris DeRamus: Providing a platform that secures cloud data through automation has resulted in companies becoming enablers of the cloud. Chris DeRamus: Cloud operations will improve and become more secure once automation is implemented early on in the cloud development lifecycle, significantly decreasing the potential for human error.

"Despite thousands of cybersecurity products, data breaches are at an all-time high," writes Bishop in his sponsored VentureBeat article To protect people, we need a different type of machine learning. It has the ability to look at historical data and calculate important features by aggregating all of the relevant data points which are then passed to the machine learning model.

The US Treasury Department's Financial Crimes Enforcement Network warned financial institutions of ransomware actively targeting vaccine research organizations. "FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines," the US Treasury Department bureau warned [PDF].

Japan's Kawasaki Heavy Industries announced a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. "Because Kawasaki handles important sensitive information such as personal information and social infrastructure-related information, information security measures have been a top priority for the company," Kawasaki said.

Enterprises will take baby steps towards left-shifting their vulnerability remediation programs. As we move into 2021, the good news is we'll learn a lot about left shifting vulnerability remediation programs.