Security News > 2021 > January

Adversarial machine learning is a technique aimed at deceiving the ML model by providing specially crafted input to fool the AV into classifying the malicious input as a benign file and evade detection. There is great impetus to expand the knowledge that we have not just on the machine learning models that we use, but the adversarial attacks made against them.

Incydr is Code42's new SaaS data risk detection and response solution, which enables security teams to mitigate file exposure and exfiltration risk without disrupting legitimate collaboration. Incydr keeps an eye on all file-associated events that happen across the company's environment and shortens the time it takes to detect and respond to data risk caused by an insider threat.

Healix International has identified six key areas of risk - besides the continued impact of COVID-19 - for global organizations in 2021. Unless resilience starts to be factored into these considerations, disruption to supply chains will remain a significant operational risk factor.

China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. More recently the cyberspies appear to have switched to financially-motivated attacks.

Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. This week, while searching for a means to obtain COVID-19 test results online, I accidentally came across what looked like exposed COVID-19 test results for thousands of patients.

Online users are more likely to reveal private information based on how website forms are structured to elicit data, Ben-Gurion University of the Negev researchers have determined. "The objective was to demonstrate that we are able to cause smartphone and PC users of online services to disclose more information by measuring the likelihood that they sign-up for a service simply by manipulating the way information items were presented," says Prof. Lior Fink, head of the BGU Behavioral Information Technologies Lab and a member of the Department of Industrial Management and Engineering.

Cybersecurity remains a top concern for 2021, as attackers continue to threaten organizations, particularly in energy/utilities, government, and manufacturing. "Although every organization is putting more money towards cybersecurity, the ground is always shifting," said Rob Wildman, VP of professional services at Matrix Integration.

The Singapore government has decided to use data gathered by its TraceTogether COVID-19-coronavirus contact-tracing app in criminal investigations. Minister of State for Home Affairs Desmond Tan replied by saying that Singapore's Criminal Procedure Code means its Police can obtain any data for criminal investigations, including data gathered by TraceTogether.

The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors ranging from ransomware, botnets, remote code execution, and distributed denial-of-service attacks. Ransomware attacks against hospitals also marked their biggest jump, with Ryuk and Sodinokibi emerging as the primary ransomware variants employed by various criminal groups.

ePlus announced that it has acquired the business of System Management and Planning, a provider of technology solutions and services in upstate New York and the Northeast. The acquisition enhances ePlus' footprint across the region, broadens its technology solution offerings especially in the areas of collaboration and supporting virtual employees, and adds to ePlus' set of commercial, enterprise and state, local, and education customers.