Security News > 2021 > March

Britain's 2021 Defence Review states that the nation will not use nuclear weapons against any non-nuclear state party to the Treaty on the Non-Proliferation of Nuclear Weapons 1968. Around the same time, the UK Attorney General, Jeremy Wright QC MP, said, "The UK considers it is clear that cyber operations that result in, or present an imminent threat of, death and destruction on an equivalent scale to an armed attack will give rise to an inherent right to take action in self-defense, as recognized in Article 51 of the UN Charter."

Deviating from their typical activity, an Iranian threat actor known as TA453 has mounted a phishing campaign targeting senior medical professionals in the United States and Israel, cybersecurity firm Proofpoint reports. Also referred to as Charming Kitten, Phosphorus, APT35, Ajax Security Team, ITG18, NewsBeef, and Newscaster, the group has been active since at least 2011, mainly targeting activists, journalists, and other entities in the Middle East, the U.K., and the U.S. The new campaign, which Proofpoint named BadBlood due to its focus on medical personnel, targeted individuals specialized in genetic, neurology, and oncology research, in line with a broader trend in which threat actors are targeting medical research.

New York's Department of Financial Services warns of an ongoing series of attacks resulting in the theft of personal information belonging to hundreds of thousands of New Yorkers. Tactics used to steal New Yorkers' private info.

The study, "Identity and Access Management for the Hybrid Enterprise," conducted by Forrester Consulting for ForgeRock and Google Cloud, also found that the industry has significant opportunities to improve the IAM experience for the majority of hybrid cloud adopters. Nearly 90% of those surveyed are held back from embracing IAM in the cloud because their current IAM offerings lack the stability, scalability or capabilities that their organizations need, according to Forrester.

Remote working has introduced a cluster of headaches for organizational IT teams, with security being perhaps the biggest. The use of personal devices appears to be one of the biggest culprits: 48% of respondents admitted to using their own devices to access work documents and corporate networks while working from home.

Most of the recent credential phishing attacks seen by Menlo Security served phony Outlook and Office 365 login pages. In its report, the Menlo Tabs team said it discovered a rise in credential phishing attacks over the past month.

The start of Major League Baseball season is upon us, and password security firm Specops software is using the yearly milestone to remind people that easily guessed passwords like those containing MLB team or mascot names are a sure-fire way to strike out on keeping your account safe. In reality, the most commonly found team mascots in compromised passwords were Houston's Orbit, Cincinnati's Gapper, Detroit's Paws, Toronto's Ace, Colorado's Dinger, Atlanta's Blooper, and Arizona's Baxter, each of which appeared several thousand times.

Critical infrastructure protection firm OPSWAT has secured $125 million growth funding from Brighton Park Capital. OPSWAT is expanding rapidly, and Benny Czarny, founder and CEO, expects to hire up to 100 more over the next three years in the Tampa, Florida area.

The IRS is warning of a phishing scam that promises refund information but looks to capture Social Security numbers and other sensitive data. With tax season in bloom, cybercriminals have launched a series of phishing attacks aimed at university students and employees eager to receive potential tax refunds.

Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign-dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel-aimed to steal credentials of professionals specializing in genetic, neurology and oncology research, according to new research posted online Wednesday from Proofpoint's Joshua Miller and the Proofpoint Research Team.