Security News > 2021 > May

The University of California this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance service. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion's service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.

Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser. In its advisory, Google made no mention of any of these vulnerabilities being exploited in live attacks.

Documents submitted in a court case involving Apple revealed that the XcodeGhost malware discovered in 2015 impacted 128 million iOS users. The published emails show exchanges between Apple employees, including executives, discussing the XcodeGhost incident and the steps the company should take in response.

The Pentagon is reconsidering how to make a massive shift to cloud computing, officials said Monday, suggesting it could scrap the so-called JEDI contract potentially worth $10 billion that was awarded to Microsoft Corp. but is mired in legal challenges. "So for all of those reasons, moving to a cloud architecture is going to be vital to how we innovate in this department and we're going to have to assess where we are with regard to the ongoing litigation around JEDI and determine what the best path forward is for the department," Hicks said April 30.

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history - though he admits it has "No real-world implications". In a paper published on academic repository ArXiv, Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, Sweden, cheerfully explained that his findings wouldn't be exploitable in a real-world scenario because it pertained specifically to the 1967 implementation [PDF] of the simulated Universal Turing Machine designed by the late Marvin Minsky, who co-founded the academic discipline of artificial intelligence.

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. The event may end up costing the UK train operating company as Cortes has demanded the company make good and provide the promised bonuses.

The webinar explores automation as it exists today in the cybersecurity industry. The question isn't what we can automate today, but what could we automate tomorrow?

Threat hunting is one of the more recent methodologies implemented by IT professionals to find dormant or active threats on their network to better understand and harness network visibility and threat actor entry points. Although threat hunting's proactive appeal has made it an increasingly popular practice to secure networks, its success is only as valuable as the contextual information gathered within the network the threat was found in, which inherently requires a more sophisticated, comprehensive approach to threat detection and identification.

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday.

Many CISOs see themselves as Superman - soaring overhead, cape fluttering, and ready to swoop in and save the day at a moment's notice if a crisis arises. The best CISOs aren't superheroes - or at least, not superheroes cut from the same cloth as the Man of Steel.