Security News > 2021 > January

Independent of who uses them, denial of service attacks can be particularly disruptive and damaging for organizations targeted by cybercriminals. TechRepublic's cheat sheet on denial of service attacks is a comprehensive guide to this topic.

If you're a user of the venerable, powerful and popular open source programming language Perl, you'll almost certainly have visited its official website at some point, at: https://perl.org. It looks as though the perl.com domain has been taken over, though by whom is hard to say, given that the domain registration is now hidden behind a DNS privacy-guarding proxy.

A new ransomware called Vovalex is being distributed through pirated software that impersonates popular Windows utilities, such as CCleaner. While Vovalex is no different, what stands out to Advanced Intel's Vitali Kremez and MalwareHunterTeam, who found the ransomware, is that it may be the first ransomware written in D. 2021-01-29: #Vovalex #Ransomware ... in #Dlang or 'D'|x64 ~32mb Size.

The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.

Find out why it might be time to shift your cybersecurity prevention strategies to resiliency and what not to do in the process. Cybersecurity professionals are tired of losing ground to cybercriminals, so they are working with members of their companies' C-suites and boards of directors to put in place a process that some deem is more realistic than prevention: Cyber resiliency.

The ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year. Hackers, identity thieves and overseas criminal rings stole over $11 billion in unemployment benefits from California last year, or roughly 10 percent of all such claims the state paid out in 2020, the state's labor secretary told reporters this week.

The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks.

Industrial control software from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. The two make up a comprehensive human-machine interface system, used to remotely monitor and collect production data in real time, and control a variety of industrial and critical-infrastructure gear.

The European Commission's war of words against pharma company AstraZeneca over COVID-19 virus vaccines has descended into farce after Brussels accidentally published an unredacted version of a disputed supply contract. Although the main text of the contract had been heavily redacted in places, nobody thought to check the bookmarks tab had also been redacted before dumping the contract online as a PDF. A non-redacted section of the contract states: "The Receiving Party shall treat all Confidential Information as secret and confidential and shall not use, copy or disclose to any third party any Confidential Information of the Disclosing Party."

The highly sophisticated SolarWinds attack was designed to circumvent threat detection-and it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.