Try This One Weird Trick Russian Hackers Hate
2021-05-17 14:14

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed - such as Russian or Ukrainian. Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they're detected the malware will exit and fail to install.

CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers From Network
2021-05-17 14:05

The United States Cybersecurity and Infrastructure Security Agency has published guidance detailing the steps that organizations affected by the SolarWinds attack should take to ensure they evict the attackers from compromised environments. Tailored for federal agencies that used affected versions of SolarWinds Orion and which discovered adversary activity within their environments, the newly published analysis report, AR21-134A, details resource-intensive and highly complex steps that will require disconnecting the enterprise network from the internet for three to five days.

Cybersecurity M&A Roundup for May 10-16, 2021
2021-05-17 11:26

Consulting giant Accenture announced buying Linkbynet, a France-based cloud services provider that offers cloud optimization, transformation and security services. Networking giant Cisco is purchasing Kenna Security, a cybersecurity company focused on vulnerability management technology.

Adam Ely Joins Fidelity as New CISO
2021-05-17 11:01

Cybersecurity industry veteran Adam Ely is the new Chief Information Security Officer at Fidelity Investments. Ely, a technology executive who held security leadership roles at Walmart, Salesforce Heroku and TiVo, is joining Boston, Mass.-based Fidelity to lead one of the world's largest asset management and retail trading firms.

Is 85% of US Critical Infrastructure in Private Hands?
2021-05-17 11:00

Thus availability, except out of very very small excursions from "Normal" does not exist in the corporate world. The result, as the US finds out more and more regularly, is critical infrastructure outages so often they are now considered "Normal".

Vulnerability in popular browsers could be used to track, profile users online
2021-05-17 10:53

A vulnerability affecting desktop versions of four popular web browsers could be exploited by advertisers, malicious actors, and other third parties to track and profile users online even if they switch browsers, use incognito mode or a VPN, researcher and developer Konstantin Darutkin claims. Darutkin and his colleagues from FingerprintJS are calling the vulnerability and its exploitation "scheme flooding," as attackers can use browsers' built-in custom URL scheme handlers to check if site visitors have 32 different applications installed on their desktops.

We'd love to report on the outcome of the CREST exam cheatsheet probe, but UK infosec body won't publish it
2021-05-17 10:47

British infosec accreditation body CREST has declared that it will not be publishing its full report into last year's exam-cheating scandal after all, triggering anger from the cybersecurity community. "The Report of the Independent Investigator contains information that was obtained in confidence and in line with both the terms of the Process and CREST's Complaints and Resolution Measures, the Report is confidential and cannot be made public," said CREST in an update published on its website late on 10 May, right before the CyberUK conference began.

French Appeal Set for Convicted Russian Money Launderer
2021-05-17 10:25

Russian Alexander Vinnik, jailed last year for money laundering, begins an appeal at a Paris court Tuesday, as prosecutors challenge his acquittal on charges that he masterminded massive ransomware attacks. While a lower court in December sentenced him to five years in jail for money laundering, it acquitted Vinnik, 41, of 13 out of 14 charges of cyber piracy.

Mammoth grab of GP patient data in the UK set to benefit private-sector market access as rules remain unchanged
2021-05-17 09:18

In response to government plans to start collecting patient data held by GPs into a central database, NHS Digital said it would "not approve requests for data where the purpose is for marketing... including promoting or selling products or services, market research or advertising." The Data Access Request Service, or DARS, already releases data under data-sharing agreements.

Fidelis Cybersecurity acquires CloudPassage to enhance its Active XDR platform
2021-05-17 08:04

Fidelis Cybersecurity announced the acquisition of CloudPassage. "The acquisition of CloudPassage extends our vision to unify endpoint, network, cloud and deception in a single platform so our customers can detect and respond to adversaries earlier in the attack lifecycle," said Anup Ghosh, CEO of Fidelis Cybersecurity.