Security News > 2021 > June

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cybersecurity norms, and security teams are struggling to keep up. The problems appear to be snowballing: lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse, and priority misalignment between security teams and leadership.

Two members of the notorious Carbanak cybergang were sentenced to 8 years in prison, Kazakhstani authorities announced this week. While they did not reveal the names of the sentenced individuals, the Kazakh authorities did say that they were accused of stealing roughly $4.7 million from two banks in the country between 2016 and 2017, as well as of attempting to steal $18.5 million more.

Google has added new protection capabilities for Enhanced Safe Browsing users in Chrome, warning them when installing untrusted extensions and allowing them to request more in-depth scans of downloaded files. The Safe Browsing feature, available in Google Chrome since 2007, warns you of dangerous events when visiting malicious websites by checking URLs against a list of unsafe sites stored within Chrome.

Enterprise security vendor Cisco has shipped fixes for vulnerabilities across a wide range of severities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software. A total of three high-severity vulnerabilities were patched in Webex Player for Windows and macOS, two of which also affect the Webex Network Recording Player for those operating systems.

Targeting Windows and Linux systems, the Necro Python bot changes its code to evade traditional security detection, says Cisco Talos. Though a bot sounds like it might be limited in intelligence and flexibility, a sophisticated bot can do a lot of damage on behalf of the attacker.

If wget is your go-to download command on your Linux servers, and your machines are behind a proxy, Jack Wallen has the solution to get this setup working properly. The developers of wget considered this and built in the necessary options for using the tool when behind a proxy.

Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert on the Pulse Secure zero-day exploited in the attack.

Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. The threat actor, also known as Fancy Bear, Sednit, Sofacy, Strontium, or PwnStorm, used SkinnyBoy in attacks targeting military and government institutions earlier this year.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The MITRE ATT&CK knowledge base of adversary tactics and techniques is widely used by security teams, but recent studies cited by CISA showed that many cybersecurity professionals don't use it to its full potential.

The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council's chief cybersecurity adviser. "The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively," Neuberger said.