Attackers Impersonate DoT in Two-Day Phishing Scam
2021-09-15 13:06

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear legitimate - to evade security detections. The site's creation date - revealed by WHOIS - seems to signal that it was set up specifically for the phishing campaign.

Why open source software supply chain management is worse than you think
2021-09-15 13:00

The seventh annual State of the Software Supply Chain Report from Sonatype found that developers think software management practices are in much better shape than what conditions on the ground indicate. The analysis found that the majority of respondents use an ad hoc approach to software supply chain management for most parts of the process, except for remediation and inventory.

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway
2021-09-15 11:33

A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools. After deploying a software payload on to a target's network to scramble all of its files, the criminals behind the ransomware demand a sizeable payment in cryptocurrency to provide a decryption utility - and to prevent sensitive corporate and/or personal data from being dumped online.

Ex-US intel, military trio were cyber-mercenaries for UAE, say prosecutors
2021-09-15 06:45

Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon data from people's iPhones, it emerged on Tuesday. US citizens Marc Baier, 49, and Ryan Adams, 34, and ex-citizen Daniel Gericke, 40, were charged with using "Illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information ... from victims from around the world."

9 tips to avoid cloud configuration conundrums
2021-09-15 05:30

Luckily, there are tactics one can deploy to avoid cloud configuration breaches and prevent errors caused by both technology and humans. Rather than creating a whole new service or application, decouple your app components from your infrastructure so that when the elements need an update, they can be easily replaced by a new security-hardened gold image.

Most Fortune 500 companies’ external IT infrastructure considered at risk
2021-09-15 05:00

Nearly three quarters of Fortune 500 companies' IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could exploit to access sensitive employee or customer data, Cyberpion research reveals. 73% of Fortune 500 companies' total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability.

Ransomware preparedness is low despite executives’ concerns
2021-09-15 04:30

While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3% say that their organizations have simulated ransomware attacks to prepare for such an incident. "As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There's no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events."

Download the Essential Guide to Response Automation
2021-09-15 04:16

One vendor's response automation might, and often does, perform very differently from another vendor's response automation capabilities. The guide discusses the evolution of response automation and distinguishes five increasingly capable levels of response automation available today.

Execs concerned about software supply chain security, but not taking action
2021-09-15 04:00

Venafi announced survey results highlighting the challenges of improving software supply chain security. While 94% of executives believe there should be clear consequences for software vendors that fail to protect the integrity of their software build pipelines, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.

46% of all on-prem databases are vulnerable to attack, breaches expected to grow
2021-09-15 03:30

46% of all on-prem databases globally are vulnerable to attack, according to research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities.