Security News > 2021 > May

Cybersecurity control failures listed as top emerging risk
2021-05-03 04:30

Cybersecurity control failures were listed as the top emerging risk in 1Q21 in a global poll of 165 senior executives across function and geography, according to Gartner. Despite a myriad of risks resulting from the pandemic, such as the new work environment and environmental, social and governance concerns, cybersecurity risk was singled out with notable consistency across all geographic regions and most industries, cited by 67% of respondents.

How organizations can optimize cloud spend
2021-05-03 04:00

The agility of cloud deployments allows organizations to quickly scale their services to support demand, release new products or services to market, and subsequently improve profit margins and increase efficiencies. The overall efficiency and flexibility of cloud allows organizations to only pay for what they use, increasing overall profitability, which is cited by 39% of respondents as a motivator behind cloud adoption.

58% of orgs predict remote workers will expose them to data breach risk
2021-05-03 03:30

35% of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year, according to an annual survey conducted by Apricorn. 58 percent still believe that remote workers will expose their organization to the risk of a data breach.

eCommerce fraud losses to surpass $20 billion this year
2021-05-03 03:00

The value of losses due to eCommerce fraud will rise this year, from $17.5 billion in 2020 to over $20 billion by 2021, a growth of 18% over a single year, according to a study from Juniper Research. The research found that fraudsters have targeted consumers as they have increased their eCommerce use, exposing insecure fraud mitigation processes from merchants who are unfamiliar and unprepared for the continuing fraud challenges in this market.

PCI SSC publishes PCI Secure Software Standard 1.1 and supporting program documentation
2021-05-03 02:30

Version 1.1 of the PCI Secure Software Standard introduces the Terminal Software Module, a new security requirements module for payment software intended for deployment and operation on PCI-approved PIN Transaction Security Point-of-Interaction devices. "The PCI Secure Software Standard is designed to offer a more flexible approach to how we test the security and integrity of payment software," said Emma Sutcliffe, SVP Standards Officer, PCI Security Standards Council.

Effort to Protect Consumer Data Privacy Stalls in Florida
2021-05-03 00:59

A campaign by Gov. Ron DeSantis to help Floridians regain ownership of the troves of data that companies collect came to a halt Friday, when state lawmakers could not agree on how tightly to limit how Big Data harvests and uses people's information. Unlike the social media proposal, the legislative effort to address consumer data privacy was mostly bipartisan.

Closer look at the new Windows 10 features tested in preview builds
2021-05-02 20:47

While the next update is all about improvements, preview builds and reports have suggested that Windows 10 version 21H2 is going to be a big release with something new for everyone. Windows 10 Sun Valley will update File Explorer to add a new Extract All option for OneDrive files.

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks
2021-05-02 20:27

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers said.

How to stop Windows 10 Defender from uploading files to Microsoft
2021-05-02 13:44

Like other antivirus programs, Microsoft Defender will upload suspicious files to Microsoft to determine if they are malicious. When Microsoft Defender scans your device, by default, it will use the "Automatic sample submission" feature to upload files to Microsoft's servers when a file is suspected to be malicious.

Assessing third-party security controls with Panorays Smart Questionnaires
2021-05-02 11:01

Panorays, a provider of third-party security risk management, announced new research about the most common third-party cyber gaps and released a new automated, dynamic vendor security questionnaire functionality that helps resolve cyber gap issues in supply chains. To help resolve supply chain cyber gaps, Panorays now offers new automated, easy-to-use Smart Questionnaires that are typically completed in as little as nine days rather than the industry average of nine weeks, allowing organizations to significantly reduce time spent on the vendor evaluation process.