The Week in Ransomware - January 8th 2021 - $150 million
2021-01-08 18:17

Even though the holidays are over in many countries, it has been a very quiet week for ransomware. January 2nd 2021: "Apex Laboratory confirms ransomware attack; only recently discovered data theft." DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors.

How to use Dropbox Passwords as your password manager
2021-01-08 17:43

If you already use Dropbox, then you may want to take the new Dropbox password manager for a spin. To import your saved passwords from another source, click the Try It button and select either your browser or another password manager.

Red Hat to acquire StackRox, enabling users to build, deploy and run apps across the hybrid cloud
2021-01-08 17:40

By bringing StackRox's powerful Kubernetes-native security capabilities to Red Hat OpenShift, Red Hat will further its vision to deliver a single, holistic platform that enables users to build, deploy and securely run nearly any application across the entirety of the hybrid cloud. Red Hat has long been a leader in security for enterprise open source solutions, beginning with Red Hat Enterprise Linux and continually evolving to set new standards to secure cloud-native environments.

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack
2021-01-08 17:19

SolarWinds, which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: former director of the Cybersecurity and Infrastructure Security Agency Chris Krebs, and former Facebook security executive Alex Stamos. Stamos over the past year has been tapped by other companies hit by various security scandals - including Zoom, after a COVID-19 surge in its user base led to Zoom-bombing cyberattacks and privacy concerns.

DoS Vulnerabilities Found in Rockwell's FactoryTalk Linx and RSLinx Classic Products
2021-01-08 16:34

Researchers have discovered vulnerabilities that expose Rockwell Automation's FactoryTalk Linx and RSLinx Classic products to denial-of-service attacks. According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impacting the FactoryTalk Services Platform.

Red Hat snaps up Kubernetes security specialist StackRox
2021-01-08 16:30

IBM-owned Red Hat is to snaffle container security outfit StackRox and plans to fold the company's tech into its OpenShift platform. The amount being spent on the acquisition was not shared, although Crunchbase reported that StackRox has picked up more than $65m of funding in recent years, with a $26.5m investment led by Menlo Ventures as recently as September last year.

Continuous Updates: Everything You Need to Know About the SolarWinds Attack
2021-01-08 16:30

Microsoft Believes 1,000 Hackers Involved in SolarWinds Attack - Microsoft executive Brad Smith says more than a thousand software engineers were most likely involved in the SolarWinds attack, and that Microsoft tasked 500 engineers with investigating the attack. Many SolarWinds Customers Failed to Secure Systems Following Hack - Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according to RiskRecon.

How to review App Privacy data on your iPhone, iPad, or Mac
2021-01-08 15:22

In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary. For more details, see: How Apple's new App Store privacy requirements may affect users and app developers.

SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos
2021-01-08 15:21

Following a significant security incident that sent shockwaves through the global cybersecurity community, SolarWinds has hired a newly formed cybersecurity consulting firm founded by Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency, and Alex Stamos, former security chief at Facebook and Yahoo. Generically named the Krebs Stamos Group, its website currently shows limited information about the firm, saying its goal is to "Help organizations turn their greatest cybersecurity challenges into triumphs."

Firefox Improves Privacy Protections With Encrypted Client Hello
2021-01-08 15:14

Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello, an evolutionary step from Encrypted Server Name Indication. In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security SNI extension to Firefox Nightly.