Security News > 2021 > May
Arctic Wolf announced Managed Security Awareness, a new solution that it described as a security awareness and training program delivered as a concierge service. The new solution includes security awareness microlearning, automated phishing simulations, and account takeover monitoring.
API security firm 42Crunch has raised $17 million in a Series A funding round led by Energy Impact Partners and joined by Adara Ventures. In 2019, Gartner stated, "By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications." Its proposed solution was, "Use a Combination of API Management and Web Application Firewalls to Protect APIs, in Conjunction with Identity Infrastructure."
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. "With every directory traversal attack the target program is required to be on the same drive as the webserver. In our case we needed the system32 folder to be on the same drive as the IIS install." This was apparently easy enough in the lab but it was not spelled out in the blog post as to whether this was how the NT4 IFE system was configured aboard the 747.
Cloud data access control solutions provider Immuta this week announced raising $90 million in Series D funding, which brings the total capital invested in the company to $169 million. Founded in 2015, the Boston-based company offers a platform that data engineers and DataOps teams can use to automate data governance, security, access control and privacy protection.
Google conducted an "Ask me anything" panel on its controversial Privacy Sandbox proposals at its online I/O event. Google has come up with a bunch of proposals collectively called Privacy Sandbox which aim to reshape the ways in which personal data is shared between websites.
Fraudsters are sending out fake Amazon order emails and tricking online shoppers into calling a telephone number manned by them to steal the shoppers' credit card details and other sensitive information. Both emails look contain Amazon branding and follow a structure similar to real order confirmation emails from Amazon but, if one knows where to look, there are many indications that the emails are fraudulent.
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. Today, e-commerce giant Mercari has disclosed major impact from the Codecov supply-chain attack on its customer data.
A Doncaster insurance company has been hit by ransomware from the Darkside crew - whose "Press release" declaring it was shutting down its operations last week was taken at face value by some pundits. The Doncaster Free Press reports that One Call Insurance, based in the northern English city, had been compromised by Darkside a week ago.
Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum. To gain the trust of potential partners and expand the operation, DarkSide deposited 22 bitcoins on the popular hacker forum XSS. The wallet is managed by the site's administrator, which in this case acts as a guarantor for the gang and an arbitrator if a dispute occurs.
Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum. To gain the trust of potential partners and expand the operation, DarkSide deposited 22 bitcoins on the popular hacker forum XSS. The wallet is managed by the site's administrator, which in this case acts as a guarantor for the gang and an arbitrator if a dispute occurs.