Security News > 2021 > August

Syxsense released two new solutions built to facilitate the remediation of the current rash of malware. "While threat and misconfiguration detection is critical in today's IT environment, on their own they're no better than watching the approach of a speeding train," said Ashley Leonard, Syxsense founder and CEO. "With Syxsense Secure you can immediately remediate the threat, in essence, avoiding the train's path entirely."

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan on compromised systems. Attributing the intrusions to a threat actor named PKPLUG, Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called Thor, that was delivered as a post-exploitation tool to one of the breached servers.

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known - and often dated - software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the United Kingdom's National Cyber Security Centre, and the U.S. Federal Bureau of Investigation noted.

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly used TCP/IP stack found in millions of Operational Technology devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. NicheStack is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity to industrial equipment, and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers and other products.

Mutualink launched LNK360, an intelligent platform that establishes instant incident-based communications and drives unprecedented coordination for public safety. LNK360 seamlessly bridges voice, video, IoT systems, and data communications into a single platform to improve situational awareness and coordinated, safer response, every day and in any emergency.

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. The Boston-based cybersecurity firm linked the campaigns to three different Chinese threat actors, namely Gallium, Naikon APT, and TG-3390.

VMware continues to build out its virtual desktop infrastructure and Desktop-as-a-Service platform and announced new capabilities to make it easier for IT to manage Horizon deployments wherever they may be, on-premises or in the cloud. It brings together VMware Workspace ONE with VMware Carbon Black Cloud and VMware SASE. Horizon Control Plane services are available on more cloud environments for greater flexibility.

Cado Security announced the addition of memory acquisition, processing and analysis capabilities to its Cado Response platform. With Memory Forensics, security teams gain enhanced visibility and context to identify the root cause of incidents and respond to data breaches faster.

Corent Technology announced the addition of Corent's MaaS platform to the HPE GreenLake Cloud Services ecosystem. With Corent's migration tools and technologies delivered through the HPE GreenLake edge-to-cloud platform, customers benefit from a fixed-price, off-the-shelf package to accelerate hybrid cloud migration of Microsoft Windows workloads, while minimizing cost, time, and risk.

NAKIVO has released version 10.4 of NAKIVO Backup & Replication with a focus on the security of backup data and ransomware protection. Backups are as vulnerable to ransomware as any other data stored on local storage media if not offline or air-gapped.