Security News > 2021 > June

DDoS attacks increase the pressure on the victim to pay the ransom by adding another threat to combat, says NETSCOUT. Ransomware attackers are always looking for new ways to persuade their targets to pay the ransom. One tactic increasingly being added to a traditional ransomware campaign is a DDoS attack.

Industrial switches provided by several vendors are affected by the same vulnerabilities due to the fact that they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology. The firmware developed by Korenix for its JetNet industrial switches is also used by Westermo for PMI-110-F2G and Pepperl+Fuchs for Comtrol RocketLinx industrial switches.

Amazon initially announced Sidewalk in September 2019, describing it as a "New, long-term effort to greatly extend the working range of low-bandwidth, low-power, smart lights, sensors, and other low-cost devices customers install at the edge of their home network." While Sidewalk has been in the works for a few years, the news of the June 8 deadline for turning it on seems to have caught many by surprise: It gives consumers just a week to learn about the initiative and to opt out if they so choose. As Amazon describes it, Sidewalk will do things like keep motion alerts from security cameras coming even when the Wi-Fi goes down; will stretch Wi-Fi out to smart lights at the edge of your driveway; and could act like Tile tags to help customers find pets and valuables.

OpenPGP project RNP has patched its flagship product after Mozilla Thunderbird, a major user, was found to be saving users' private keys in plain text. Still tracked as CVE-2021-29956, the number allocated to the Thunderbird vuln, the RNP bug has now been squashed.

Security experts recommend setting basic security standards for all your data feeds, enlisting help from procurement and doing an API inventory. Hundreds of third-party apps in Android devices were given access to sensitive data logged by contact-tracing apps built on Google and Apple's API, according to reports from security researchers in April.

A top Russian-language underground forum has been running a "Contest" for the past month, calling on its community to submit "Unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens.

The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups. The campaign was disclosed last week by Microsoft, which linked it to the same group of Russian intelligence operatives responsible for the massive SolarWinds intrusion that breached federal agencies and private corporations.

Offensive Security has released Kali Linux 2021.2, the latest version of its popular open source penetration testing platform. Offensive Security has introduced two new tools for making Kali easier to use: Kaboxer and Kali-Tweaks.

One of the most powerful leadership tools is positive reinforcement - a proven and effective method for shaping and changing behavior. While dog owners might use treats or toys to reward desired behaviors, CISOs can leverage technology to reinforce certain behaviors conducted by employees - guiding them in their role in protecting the broader organization.

The good news is there are straightforward ways of minimizing the impact before an attacker even so much as looks in the direction of your organization. You can gain insight into the most common threats in your industry and understand the way attackers might think and act during an incident from both past war stories and threat intelligence sources such as the MITRE ATT&CK framework.