Security News > 2021 > May

Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, a VDC Research reveals. "With more complex software supply chains becoming the norm, organizations are leaning on these third party assets to accelerate their internal software development, which creates security blind spots," said Chris Rommel, EVP, IoT & Industrial Technology for VDC Research.

A total of 158 privacy and security issues have been identified in 58 Android stalkware apps from various vendors that could enable a malicious actor to take control of a victim's device, hijack a stalker's account, intercept data, achieve remote code execution, and even frame the victim by uploading fabricated evidence. The new findings, which come from an analysis of 86 stalkerware apps for the Android platform undertaken by Slovak cybersecurity firm ESET, highlight the unintended consequences of a practice that's not only unethical but in the process could also expose private and intimate information of the victims and leave them at risk of cyberattacks and fraud.

ENISA released a report addressing the contemporary use of Capture-The-Flag competitions around the world. It explores how these competitions work and provides a high-level analysis of the dataset of the most recent major public events.

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. The campaign consists of multiple moving parts, chief among them being the ability to trick users into entering two-factor authentication codes in fake pop-up windows that are then sent to the attackers, as well as its reliance on social engineering lures to convince visitors of banking websites into downloading a malicious smartphone app.

The company surveyed 2,000 consumers across the United States and United Kingdom about their experiences and attitudes toward payment fraud and how they felt about the threat of fraud in the aftermath of COVID-19. The results show that worry about fraud has risen to extreme levels and consumers feel their increasingly digital lives are putting them more at risk.

CrowdStrike announced Falcon Fusion, a unified and extensible framework purpose-built on the CrowdStrike Falcon platform to orchestrate and automate complex workflows improving security operation center efficiency. Falcon Fusion leverages the power of the CrowdStrike Security Cloud and relevant contextual insights across endpoints, identities, and workloads, in addition to telemetry from partner applications via the CrowdStrike Store, to improve SOC and IT efficiency and agility for enterprise customers.

This Backup as a Service offering provides data protection and retention that goes well beyond the default 30-day native backup capabilities included with a Microsoft 365 subscription. Cohesity's BaaS offering gives organizations even more choice in how they can back up and recover Microsoft 365 application data.

Me is one of the world's largest insurance carriers specializing in providing health insurance to students while traveling or studying abroad in another country. Me discovered suspicious activity on their website that led them to take down their website.

CynergisTek announced an agreement to provide advisory support services to Blackbaud to support its healthcare customers with HIPAA compliance needs. "We are committed to helping social good organizations succeed in their missions by providing innovative and secure technology," said Page Bullington, president and general manager, Blackbaud Healthcare Solutions.

Athenahealth and Nuance Communications announced an expansion of their strategic collaboration to include the integration of Nuance's cloud-based Dragon Medical, bringing speech and virtual assistant technology into the athenaOne EHR and Mobile App. The collaboration between Nuance and athenahealth is driven by advances in speech technology and the demonstrated ability to transform clinical documentation and improve productivity through an intuitive voice-driven workflow.