Security News > 2021 > July

The Secure Remote Access product of industrial cybersecurity firm Claroty is affected by a vulnerability that could be useful to threat actors targeting industrial organizations. Claroty SRA is a secure remote access solution specifically built for OT environments, including in terms of operational, administrative and security needs.

Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company. "Most shocking is just how routine secrecy orders have become when law enforcement targets an American's email, text messages or other sensitive data stored in the cloud," said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.

Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council, researchers have found. At the time, Kaspersky said that the IndigoZebra campaign was targeting former Soviet Republics with "a wide swath of malware including Meterpreter, Poison Ivy, xDown, and a previously unknown malware called 'xCaon'." According to Kaspersky's 2017 report, the campaign shared ties with other well-known Chinese-speaking actors, though no definitive attribution was made at the time.

Microlearning delivers digestible bits of information specifically designed for the learner to retain in a short period of time. While the security industry is beginning to recognize the advantages of microlearning, many implementation inefficiencies persist.

Business Email Compromise attacks are skyrocketing as organizations rely on decades-old email protocols and standards, and bad actors perfect social engineering. The good news is that automated email certificates can help organizations avoid these attacks and protect their employees against spear phishing attacks.

Trend Micro released a new report highlighting the growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities. "Given the US government is now treating ransomware attacks with the same gravity as terrorism, we hope our latest research will help industrial plant owners to prioritize and refocus their security efforts."

While there are many different encryption techniques, none are completely secure, and the search continues for new technologies that can counter the rising threats to data privacy and security. In a recent study published in KeAi's International Journal of Intelligent Networks, a team of researchers from India and Yemen describe a novel, two-step cryptography technique - the first to combine genetic technology with mathematical technique.

Law enforcement agencies in Europe, the US, and Canada on Tuesday announced the takedown of DoubleVPN, a virtual private network service that allegedly helped cybercriminals conduct nefarious activities. As part of the takedown operation, servers across the world were seized to ensure the disruption of the DoubleVPN service.

AI-based recommendation systems are used in many online services we enjoy today, including search engines, online shopping sites, streaming services, and social media. Y Patel, a researcher with cybersecurity provider F-Secure's Artificial Intelligence Center of Excellence, recently completed a series of experiments to learn how simple manipulation techniques can affect AI-based recommendations on a social network.

Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker "IndigoZebra," with past activity aimed at other central-Asian countries, including Kyrgyzstan and Uzbekistan.