Security News > 2021 > June

Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.

Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.

announced that its healthcare security and cloud security certifications have been approved by the U.S. Department of Defense as prerequisites of employment for certain security workforce categories. Following approval by the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group Certification Committee, the HealthCare Information Security and Privacy Practitioner and the Certified Cloud Security Professional certifications are the latest additions to the DoD 8570 Approved Baseline Certifications table that is publicly available on the DoD Cyber Exchange website.

Fugue announced Regula 1.0, an open source policy engine for infrastructure as code security. Available at GitHub, the tool includes support for common IaC tools such as Terraform and AWS CloudFormation, prebuilt libraries with hundreds of policies that validate AWS, Microsoft Azure, and Google Cloud resources, and new developer tooling to support custom rules development and testing with Open Policy Agent.

"No single organization can stop synthetic identity fraud on its own," reports The Federal Reserve. As within each of these examples, the same concept applies in fighting identity fraud, which we cannot defeat entity by entity, individual by individual-but as a unified, global consortium working to detect fraud.

74% of threats detected in Q1 2021 were zero day malware - or those for which a signature-based antivirus solution did not detect at the time of the malware release - capable of circumventing conventional antivirus solutions, according to WatchGuard. The report also covers new threat intelligence on rising network attack rates, how attackers are trying to disguise and repurpose old exploits, the quarter's top malware attacks, and more.

The United States is comfortably the world's most powerful nation when measured on "Cyber capabilities that make the greatest difference to national power," according to British think tank The International Institute for Strategic Studies. The report says America's "Capability for offensive cyber operations is probably more developed than that of any other country, although its full potential remains largely undemonstrated".

The number of overshared files rose 450 percent compared to the same quarter in 2020, highlighting the significant impact of the pandemic and remote work on data security. Concentric captured user data in production deployments from companies in the technology, financial, and healthcare sectors to reveal how organizations create, use, and manage data.

It is increasingly being breached: numerous security hacks just this past month include the Colonial Pipeline security breach and the JBS Foods ransomware attacks where hackers took over the organization's computer systems and demanded payment to unlock and release it back to the owners. Columbia Engineering researchers who are leading experts in computer security recently presented two major papers that make computer systems more secure.

This has led to an emphasis on consumers dependence on mobile devices, as they look to execute nearly all daily activities via devices while on-the-go, exposing them to most digital risks. A new McAfee report reveals that 49% of U.S. consumers do not use mobile security software to protect their sensitive data, thus leaving them vulnerable to these increasingly advanced cyberattacks.