Security News > 2021 > March

At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis. The malicious images have raked in around $200,000 from cryptomining, according to Aviv Sasson, researcher with Palo Alto Networks' Unit 42, who found and reported the malicious activity.

Security expert says because we can't inspect the inner workings of the software we buy, we're at the mercy of software companies' security practices. TechRepublic's Karen Roby spoke with Manish Gupta, founder and CEO of ShiftLeft, a code analysis software company, about the SolarWinds attack and its effect on cybersecurity.

We're only as secure as the software we use, cybersecurity expert says.

Mozilla's attempts to augment its income continued apace with an update to the company's VPN subscription service. The update, which has landed less than a year since Mozilla first launched the service, adds two new features.

Remote working is here to stay, and with this, security and safety have gained even more relevance. Security analysts are receiving thousands of alerts daily, and now with so many remote workers, these alerts could come from thousands of locations.

US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law. Using fake vaccination record cards could also put others at risk, increasing the chance of contracting COVID-19 or infecting others.

A report issued on Tuesday by email security provider Armorblox looked at the tactics employed by three recent phishing campaigns and suggests ways to avoid these types of scams. In each case, the emails were able to get past security defenses to end up in the inboxes of their targeted victims.

Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. In theory, anyone who downloaded the very latest "Still in development" version of PHP on Sunday 2021-03-28, compiled it, and installed it on a real-life, internet facing web server could have been at risk.

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. vRealize Operations is an AI-powered and "Self-driving" IT operations management for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.

On Jan. 11, Ubiquiti Inc. [NYSE:UI] - a major vendor of cloud-enabled Internet of Things devices such as routers, network video recorders and security cameras - disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a "Catastrophic" incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.