Security News > 2021 > April

As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack. Codecov has now disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information from the affected customers.

Shadow admins pose a threat to organizations because these accounts have privileged access to perform limited administrative functions on Active Directory objects. Threat actors seek shadow admin accounts because of their privilege and the stealthiness they can bestow upon attackers.

It's the data that is critical to insurance that is driving the push for more API usage. From a business perspective, APIs are powering omnichannel capabilities that are increasingly important to ensure policyholders, agents, brokers and partners can consume data and insights during key processes in a way that suits them best.

While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system of systems. In short, threat modeling answers questions as "Where am I most vulnerable to attacks?", "What are the key risks?", and "What should I do to reduce these risks?".

Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. To avoid hacks, it is necessary to reinforce the cipher protection from leaks and to test encryption systems for vulnerabilities.

Axonius released a report which reveals the extremes to which the pandemic escalated lack of visibility into IT assets and how that is impacting security priorities. According to the study conducted by ESG, organizations report widening visibility gaps in their cloud infrastructure, end-user devices, and IoT device initiatives, leading to increased risk and security incidents.

Chris Roberts, Chief Security Strategist at Cynet Security, offers a new Slack-based community for InfoSec leaders as a solution. The new InfoSec Leaders Community will feature several channels and will offer security leaders and decision-makers a fresh opportunity to both get advice and new knowledge and share it with others.

In 2019, the director of the National Geospatial Intelligence Agency, the organization charged with supplying maps and analyzing satellite images for the U.S. Department of Defense, implied that AI-manipulated satellite images can be a severe national security threat. To study how satellite images can be faked, Zhao and his team turned to an AI framework that has been used in manipulating other types of digital files.

The market valuation of public key infrastructure will cross $7 billion by 2027, according to Global Market Insights. The managed service segment in the PKI market is anticipated to witness a 20% growth rate till 2027.

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things and Operational Technology devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems," said Microsoft's 'Section 52' Azure Defender for IoT research group.