Security News > 2021 > May

Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in. Due to its phonetic similarities with the famous line in the storied film franchise - "May the force be with you" - May 4 is also known as Star Wars Day among sci-fi fans and cinephiles alike.

Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. The analysis was initially carried out for the Pwn2Own 2020 hacking competition - the contest offered a car and other significant prizes for hacking a Tesla - but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.

The U.S. National Security Agency last week released a cybersecurity advisory focusing on the security of operational technology systems, particularly in terms of connectivity to IT systems. The advisory shares recommendations for evaluating risks and improving the security of connections between IT systems - these can often serve as an entry point into industrial networks - and OT systems.

The MITRE Corporation has released the ninth version of its ATT&CK knowledge base of adversary tactics and techniques, which now also includes a newly created ATT&CK matrix for containers. MITRE has also revamped data sources, consolidated IaaS platforms, added a Google Workspace matrix, updated macOS-based attack techniques and added macOS-specific malware, and has created a brand new ATT&CK for Containers matrix.

This would result in the services improving their fraud prevention capabilities, leading to an arms race between the fraudsters and the fraud teams. Eventually, fraudsters will determine who to target within the industry based on each service's fraud prevention policies and maturity, rather than generally targeting the industry.

A recent report shared with The Hacker News detailed how the BeVigil search engine identified over 40 apps - cumulatively accounting for more than 100 million downloads - that had hardcoded private Amazon Web Services keys embedded within them, putting their internal networks and their users' data at risk of cyberattacks. The findings are the result of an analysis of over 10,000 apps submitted to CloudSEK's BeVigil, a mobile app security search engine.

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting for the design of over 85% of submarines in the Soviet and Russian Navy since its origins in 1901, including several generations of strategic missile cruiser submarines.

It is about knowing how your business runs, what data and apps are vital for it to add value to its customers, while fostering a strong risk management strategy to protect those digital assets. When selecting a DLP solution for your business, it's essential to consider the context of data in today's environment.

The data shows that risk-based vulnerability management programs allow companies to get measurably better results with less work. In no cybersecurity discipline was this disparity more glaring than in the field of vulnerability management.

Link11 has released its DDoS report for Q1 2021, which revealed that the number of DDoS attacks continued to grow. DDoS attackers stick to their target. The number of attacks continued to increase: a 128% increase in the number of attacks compared with Q1 2020.