Security News > 2021 > August

Cataclysmic breaches and a woeful shortage of a trained cybersecurity workforce prompted the Biden Administration to haul a collection of the biggest names in business into a White House cybersecurity summit this week, to talk about what they plan to do about it. For all the public posturing by prominent CEOs at tech giants, many security experts agree that the administration will ultimately need to mandate and enforce cybersecurity standards to make real progress.

Thus, security teams often place focus on the race itself and forget about the actual goal or finish line. For example: "Our mission is to continuously improve the organization's security posture by preventing, detecting, analyzing and responding to cybersecurity incidents." It is missing the finish line.

Five malicious Docker container images were recently detected on Docker Hub, totaling more than 120,000 pulls. There's a new threat cybersecurity teams need to watch out for: malicious Docker containers hiding on legitimate sites like Docker Hub, where Aqua Security's threat research arm, Team Nautilus, found five images accounting for a whopping 120,000 pulls by unsuspecting users.

The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Despite having TLS support as its primary aim, OpenSSL also lets you access the lower-level functions on which TLS itself depends, so you can use the libcrypto part of OpenSSL to do standalone encryption, compute file hashes, verify digital signatures and even do arithmetic with numbers that are thousands of digits long.

The financially motivated FIN8 cybergang used a brand-new backdoor - dubbed Sardonic by the Bitdender researchers who first spotted it - in attempted breaches of networks belonging to two unidentified U.S. financial organizations. It's a nimble newcomer, researchers wrote: "The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," according to Bitdefender's report.

A new analysis shows that infosec analysts, sysadmins and network architects have the most potential for growth in pay over the next decade. People in health, science and tech jobs will have the best chance at finding a job and making good money in the next decade, according to a new analysis.

Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no first generation AMD Zen CPUs. With the new TPM 2.0 requirement and a restricted list of compatible CPUs, many people found that their devices with Intel 7th generation and first generation AMD Zen CPUs, which run Windows 10 flawlessly, can no longer upgrade to Windows 11.

Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no AMD Zen CPUs. With the new TPM 2.0 requirement and a restricted list of compatible CPUs, many people found that their devices with Intel 7th generation and AMD Zen CPUs, which run Windows 10 flawlessly, cab no longer upgrade to Windows 11.

Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. Sievert added that, following an investigation supported by Mandiant security experts, the company closed the access points used by the hacker to breach T-Mobile's network.

Today, T-Mobile's CEO Mike Sievert said that the hackers behind the carrier's latest massive data breach were able to brute force their way through T-Mobile's network after gaining access to testing environments. In 2018, info belonging to millions of T-Mobile customers was accessed by hackers.