Security News > 2021 > January > Week in review: Pen testing, Sunspot malware, Microsoft plugs Defender zero-day
SolarWinds hack investigation reveals new Sunspot malware
CrowdStrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company's Orion software.
January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCE
Microsoft has plugged 83 security holes, 10 of which are critical.
One of the latter - a zero-day RCE affecting Microsoft Defender antivirus - is being exploited in the wild, but Microsoft didn't reveal more about these attacks.
But role more important than ever
Organizations are spending more to account for widespread security operation center challenges including growing security management complexity, increasing analyst salaries, security engineering and management outsourcing costs, yet are still dissatisfied with the outcomes, Ponemon Institute and FireEye reveal.
Most containers are running as root, which increases runtime security risk
While container usage reveals organizations are shifting left by scanning images during the build phase, DevOps teams are still leaving their environments open to attack, according to Sysdig.
Phishers count on remotely hosted images to bypass email filters
Images have been used for ages as a way to circumvent an email's textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jRadX5nQftY/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Malicious ads exploited Internet Explorer zero day to drop malware (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)