Security News > 2021 > August

A diverse range of cybercrime offerings caters to anyone with sufficient cryptocurrency: from access brokers who sell pilfered credentials for compromised accounts, to bulletproof hosting providers that can deliver reliable and anonymous infrastructure to conduct offensive criminal cyber operations. The discerning cybercrime operator in 2021 can build customized toolchains out of composable microservices and off-the-shelf solutions, tailoring attacks and repurposing compromises for a variety of criminal endeavours.

Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data. Bangkok Airways' announcement about the matter came last Thursday, a day after LockBit posted a message on its dark web portal threatening the airline with a data leak unless it paid a ransom.

After major cyberattacks on the Colonial Pipeline and on meat supplier JBS, the idea of allowing companies to launch cyberattacks back at cyber criminals was proposed. While hack back is gaining traction as a hot topic with some legal minds and policymakers, this approach is shortsighted and very likely to have unintended consequences.

Key findings: 32.5% of all companies were targeted by brute force attacks in early June 2021. 73% of all advanced threats were credential phishing attacks.

A bug in the Canadian immigration system led to the government accepting an additional 7,307 immigration applications, surpassing the imposed limit. Canadian immigration law typically sets an annual limit for the number of immigration applications that can be accepted in a year under each route.

Continuing to use online tests after the pandemic will help organizations deliver certifications quickly and at scale, says Questionmark. Global demand for modern technology skills is rapidly outstripping supply.

The number one challenge around running Kubernetes in production, as named by survey participants: deployment of data-intensive transactional workloads. Kubernetes adoption challenge: many organizations use Kubernetes now, but how they use it diverges sharply.

"Digital collaboration" and "Critical thinking" are among the modern skills workers need for the post-pandemic economy, according to a new report. Technology skills: Digital collaboration - less than half of workers have been given sufficient training on relevant coworking tools.

MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Tips on how to use it as part of your cyber skills strategy.

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information. The issue, tracked as CVE-2021-33766 and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group, and reported through the Zero-Day Initiative program in March 2021.