Security News > 2021 > January

The reality is that the device almost always goes overlooked-and in many ways, it has become the weakest and most vulnerable link in IT security. They make sure that all users are authenticated, their network is encrypted, and the SaaS applications are secured-but what about the device you are connecting from? Your laptop or desktop that is connecting to all your work applications and sensitive data?

Despite the impact of COVID-19, momentum for enhancements to LTE and 5G standards continue with additional releases from the Third Generation Partnership Project. 5G Americas announced the publication of a white paper providing an update on the newest 3GPP releases launching the next chapter of 5G standardization and beyond.

A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. The seller says that they obtained the database recently, following a successful SQL injection attack and that it can be used to steal the funds of premium members.

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary code on the device and make unauthorized purchases.

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor. Attributing the campaign to Winnti, Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents that purported to be a curriculum vitae and an IELTS certificate.

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "Clearer picture" of one of the most sophisticated attacks in recent history. "The attackers behind Solorigate are skilled campaign operators who carefully planned and executed the attack, remaining elusive while maintaining persistence," researchers from Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center, and Microsoft Cyber Defense Operations Center said.

Verimatrix announced general availability of version 2.2 of the Verimatrix Application Protection service for Android. The company's latest Code Protection service for Android applications now supports the forthcoming Android ecosystem change that will mandate the use of Android Application Bundles in the second half of 2021.

Field Nation is introducing an enhanced version of Field Nation Premier that provides MSPs with three new features: MarketSmart Insights, PeopleSmart Talent Management Suite and WorkSmart Productivity Suite. "For MSPs, maximizing profitability has never been more challenging or more critical," said Wael Mohammed, EVP of Product Management, Field Nation.

CyberCube has updated its data-driven analytic software to seamlessly enable insurers to quantify losses to scenarios that Lloyd's has issued to syndicates for the upcoming March data collection deadline. CyberCube has introduced the three scenarios for realistic cyber disasters as part of its Portfolio Manager product, which is used by risk carriers.

KABN announces that it has entered into an agreement to partner with The Campus Agency to create innovative engagement programs for Liquid Avatar to reach the US college and university student, alumni and family market. KABN NA and The Campus Agency will be working together to engage micro-influencers, develop and launch innovative engagement and Augmented Reality programs to introduce the college and university market to the Liquid Avatar and KABN value programs.