Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency
2021-05-28 07:57

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt said in a blog post Thursday. Burt's post says the attacks saw Nobelium gain access to accounts operated by the United States Agency for International Development on the email marketing service "Constant Contact".

New TSA security directive is a needed shock to the system
2021-05-28 07:47

The Department of Homeland Security's Transportation Security Administration announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector. "The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats," said Secretary of Homeland Security Alejandro N. Mayorkas.

New infosec products of the week: May 28, 2021
2021-05-28 06:00

NetWitness Cloud SIEM delivers cloud-based threat detection and response. Imperva Data Privacy protects and reports on personal data across all data assets.

Why cybersecurity products always defy traditional user reviews
2021-05-28 05:30

While academically interesting, it illustrates the difficulty in giving reviews to cybersecurity products in the endpoint protection category and trying to attribute a "Best" label to a specific product in a specific category. Ignoring the fact they were conducted years ago and the threat actors have been disbanded, it highlights the increasing disconnect between labels attributed to a product and requirements that companies typically expect from an endpoint solution.

How businesses can protect their brands and bottom lines against damage from illegal robocalls
2021-05-28 05:00

That's welcome news for businesses because illegal robocalls directly affect their bottom lines and brands in a variety of ways - including ones that aren't obvious. Consumers are inundated with so many illegal robocalls that when they see a call from an unfamiliar or unidentified number, they let it drop into voice mail 76 percent of the time.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries
2021-05-28 04:56

Criminals tried to exploit Hong Kong residents' COVID-related anxiety, according to new security data released yesterday by the Special Administrative Region's secretary for innovation and technology Alfred Sit. Liao cited data that the Hong Kong Hospital Authority was subjected to 50 million cyberattacks last year, up from 20 million in 2015, with the HA also copping five ransomware attacks last year.

It’s time to shift from verifying data to authenticating identity
2021-05-28 04:30

As fraudsters continue to develop increasingly sophisticated schemes that allow them to produce an apparent valid identity, either by stealing personal data or fabricating it themselves, organizations need to make a fundamental shift in their fraud-fighting strategies. Rather than performing authentication through a series of data point verifications, they should instead examine the linkages between all the identity markers holistically over time.

FBI to share compromised passwords with Have I Been Pwned
2021-05-28 04:05

The FBI will soon begin sharing compromised passwords discovered during law enforcement investigations with Have I Been Pwned's 'Pwned Passwords' service. The Have I Been Pwned data breach notification site includes a service called Pwned Passwords that allows users to search for known compromised passwords.

Application security not a priority for financial services institutions
2021-05-28 04:00

Contrast Security announced the findings of a report based on a comprehensive survey of development, operations, and security professionals and executives at enterprise-level financial services institutions. The report explores the state of application security at these organizations, and the findings indicate that the security of these applications, which have access to and control over consumers' finances, is not a priority or major concern for most of them.

Identity crime victims struggling with financial, emotional and physical impacts
2021-05-28 03:30

Nearly 30 percent of people who contact the Identity Theft Resource Center are victims of more than one identity crime. Their latest study covers the 36 months from 2018-2020 and goes beyond the known financial implications of identity crimes and explores the emotional, physical and psychological impacts experienced by victims.