Security News > 2021 > February

Some of this just comes down to numbers: The more dependencies enterprises take on open source software, the more open source software will show up in audits like these. While Orion isn't open source, it shows how supply chain attacks have become increasingly critical to combat, and reflect what we've known since Heartbleed: As open source becomes a critical part of nearly all software, we need to improve how we secure it.

The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. "Netgain determined that the ransomware incident affected data within an application used by Ramsey County's Family Health Division to document home visits" - Ramsey County Government.

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon. Mozilla, maker of Chrome rival Firefox, has been trying to decide whether Camerfirma's history of questionable certificate management practices - documented in a lengthy list - warrants banishing the Spanish company's certificates from its Root Store - the set of certificates Firefox recognizes as trustworthy by default.

AlmaLinux, the open source enterprise-level Linux distribution created as an alternative to CentOS, is released in beta with most RHEL packages and is ready for community testing. AlmaLinux is a 1:1 binary fork of Red Hat Enterprise Linux, backed with a $1 million annual sponsorship by CloudLinux, with support provided until at least 2029.

The first step in protecting SMBs from ransomware in the year ahead is to understand the threats facing them and how different malware work together to pull off a successful ransomware attack. The biggest ransomware attacks that take place nowadays are often orchestrated by using different pieces of malware, developed by different teams.

How can we push employees / users to take cybersecurity to heart? Dr. Maria Bada, external behavioral scientist at AwareGO, has been working on the answer for years. Her research focused on the human factor of cybersecurity, the assessment of cybersecurity awareness campaigns and their impact in changing online behavior and, gradually, it expanded from the user to the offender.

As organizational reliance on data continues to rise amid the pandemic, a Druva survey uncovered rising concerns among Indian businesses about data protection, the growing need to enhance resilience, and the role data agility plays in enabling organizational operations and connecting with customers. Of the more than 300 ITDMs surveyed in India, 31 percent report an increase in ransomware attacks on the organization since the pandemic began, and overall 89 percent of ITDMs are more concerned now with protecting their organizational data from ransomware than before the pandemic.

Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company. After compromising the update mechanism for NoxPlayer, the threat actor behind the attack pushed a series of tailored malicious updates that resulted in three different malware families being installed on the devices of a handful of selected victims.

The first step in protecting ourselves is realizing that there’s a lot we can do to stay safe online.
While the shift to a digital-first life was brought on by the global pandemic, U.S. consumers plan to keep it up - with online banking, social engagements, and personal shopping at the top of the list, McAfee reveals. Cybercriminals taking advantage of consumers' increased online presence.

This has created an opportunity for a new kind of cybersecurity service - Connected Customer Assurance & Protection Services. CCAPS: Outlining the risks for households and small businesses.