Security News > 2021 > July

NICE Robo Ethical Framework ensures responsible robot-human dynamics in the workplace
2021-07-01 22:45

NICE unveiled a Robo Ethical Framework promoting responsibility and transparency in the design, creation and deployment of AI-powered robots. NICE's ethical guidelines set the standard for designing, building and deploying robots, and form the basis for solid and ethically sound robot and human collaboration.

Ellie Wu joins Bugcrowd as VP of Customer Experience
2021-07-01 22:30

Bugcrowd announced Ellie Wu has joined its executive team as Vice President of Customer Experience. Wu will lead Bugcrowd's efforts to deliver customer experience and enhance the company's position as customers' first choice for a crowdsourced cybersecurity vendor.

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability
2021-07-01 21:15

A proof-of-concept exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021.

Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
2021-07-01 20:56

"REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices," Caspi wrote. In a nod to research by AdvIntel in early May 2021, which reported REvil's intent to port its Windows-based ransomware to Linux, Caspi confirmed the Linux variant was spotted in May "Affecting *nix systems and ESXi.".

Microsoft and Eclypsium lock horns over Dell SupportAssist flaws on secured-core PCs
2021-07-01 20:45

The Dell SupportAssist RCE furore has rumbled on after infosec outfit Eclypsium snapped back at Microsoft's statement on the matter. The issue is a set of four vulnerabilities in Dell's SupportAssist remote firmware update utility that could have permitted arbitrary code to be run on a variety of PCs. The advisory was published last week, and Dell had worked with Eclypsium from March, well ahead of the public disclosure.

Trickbot cybercrime group linked to new Diavol ransomware
2021-07-01 20:11

FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet. Diavol and Conti ransomware payloads were deployed on different systems in a ransomware attack blocked by the company's EDR solution in early June 2021.

VirusTotal ordered to reveal private info of stolen HSE data downloaders
2021-07-01 19:16

An Irish court has ordered VirusTotal to provide the information of subscribers who downloaded or uploaded confidential data stolen from Ireland's national health care service during a ransomware attack. To prove the data theft, the Conti gang posted a link to a file in their ransomware negotiation chat that they said contained samples of the stolen data.

Defeating Ransomware-as-a-Service? Think Intel-Sharing
2021-07-01 19:09

The Colonial Pipeline ransomware attack put a glaring spotlight on the ransomware scourge - and, in particular, on the rise of ransomware-as-a-service. The CryptoLocker ransomware attack was propagated by infected email attachments and via the Gameover Zeus botnet.

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax
2021-07-01 18:56

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. "Using payroll data from government agencies and thousands of employers - including a vast majority of Fortune 500 companies - Equifax has cultivated a database of 300 million current and historic employment records, according to regulatory filings."

Awareness of cyberattacks and cybersecurity may be lacking among workers
2021-07-01 18:04

To protect themselves and your business against phishing campaigns, malware and other types of attacks, your workers should have a certain awareness of cyber incidents and, more importantly, of security best practices. Automatically expecting your fellow workers to become knowledgeable enough about cybersecurity to help combat attacks is foolhardy, unless you provide them with the right training.