Security News > 2021 > February

The U.S. Cybersecurity and Infrastructure Security Agency says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds. "While the supply chain compromise of SolarWinds first highlighted the significance of this cyber incident, our response has identified the use of multiple additional initial infection vectors. We have found that significant numbers of both the private-sector and government victims linked to this campaign had no direct connection to SolarWinds," a CISA spokesperson told SecurityWeek.

ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware. NoxPlayer is used by gamers from over 150 countries around the globe according to BigNox but, as ESET found in January 2021, the supply-chain attack was focused on infecting only Asian gamers with at least three different malware strains.

The UK Post Office has awarded two contracts worth a total of £30m for a banking network and ATMs system in a procurement expected to be worth £357m once all contracts are awarded. UK government-owned company which runs the familiar local outlets has awarded Cennox a £26m contract for banking automation managed services while Vocalink has won a £4m contract for provision of a highly resilient, compliant and secure platform providing ATMs. The Post Office said last year it planned to close almost a third of its 2,000 cash machines, which are free to use and valuable to the public where alternative facilities are scarce.

Cloud data protection provider OwnBackup has completed a $167.5 million Series D funding round, which helped it reach "Unicorn" status, at a valuation close to $1.4 billion. To date, the company has raised a total of more than $267.5 million in funding.

Chaos engineering is a way for security teams to replace continuous firefighting with continuous learning, according to two industry experts. At the RSA 365 Virtual Summit this week, Aaron Rinehart, CTO and co-founder Verica, and Jamie Dicken, manager of applied security at Cardinal Health, explained how this approach to IT security works.

Trusted identity, payments and data protection solutions provider Entrust acquired HyTrust, a company that provides virtualized and multi-cloud data encryption, key management, and cloud security posture management solutions. Tech solutions provider GMI has bought Alagen, a cybersecurity services consultancy.

The Perl.com domain, which since 1997 had been serving articles about Perl programming, was hijacked last week. The Perl Foundation announced last week that the domain was hijacked, warning users to steer clear of Perl.com, due to possible connections to sites associated with malware distribution.

Cisco's anti-spam service SpamCop failed to renew spamcop.net over weekend, causing it to lapse, which resulted in countless messages being falsely labeled and rejected as spam around the world. When the domain name expired, *.spamcop.net resolved to a domain parking service's IP address.

Just when we thought 2020 couldn't get worse, security firm FireEye broke the news that the compromise of a software solution by IT solutions provider SolarWinds had resulted in security breaches across the public and private sector, at dozens of companies and government agencies, including the U.S. Departments of Commerce, Treasury, Justice, Defense, and the Center for Disease Control. The National Security Agency, the main body tasked with protecting government assets from hackers, did not detect the breach.

To select a suitable PAM solution for your business, you need to think about a variety of factors. Ease of implementation and speed of deployment: There are a litany of examples of technology solutions failing to deliver anticipated benefits because they were not fully implemented, so your chosen PAM solution should easily integrate with the existing technology stack and enable rapid roll-out.