Security News: September 2021

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. An SEC filing by Forward Air states that the company lost $7.5 million of less-than-load freight revenue "primarily because of the Company's need to temporarily suspend its electronic data interfaces with its customers."

A report released Wednesday by cybersecurity firm Trustwave looks at why security flaws often go unpatched and how organizations can beef up their patch management. The report found that despite the high severity of some of the security flaws that popped up, more than 50% of the servers were unprotected weeks and even months after an update had been released.

Content delivery network Akamai is set to crack open the piggy bank with the purchase of Israel-based Guardicore. While Akamai has firewalls and gateways to spare, dealing with miscreants once a foothold has been gained within the corporate infrastructure can present a challenge.

Kaspersky security researchers have discovered a new backdoor likely developed by the Nobelium hacking group behind last year's SolarWinds supply chain attack. The new malware found by Kaspersky, dubbed Tomiris, was first spotted in June even though the first samples were deployed in the wild in February 2021, one month before the "sophisticated second-stage backdoor" Sunshuttle was found by FireEye and linked to Nobelium.

Good at identifying and obliterating backups? Speak Russian? The notorious Conti ransomware group may find you a fine hiring prospect. The two-slap whammy of double extortion entails both data encryption and the threat to publish that seized data, but according to AdvIntel's collection of Conti ransomware samples, Conti views victims' desire to avoid the publishing of their data as only a secondary goal - most particularly if those victims can rely on backups instead of having to pay.

The purchase of Singular Key will add to Ping's identity and access management service with a no-code method of creating workflows for identity verification for enterprises. A new acquisition unveiled by identity management firm Ping Identity may be of interest to any business grappling with this challenge.

Though we may know the rules and requirements of password creation (cook up a strong password of a certain length, use letters and numbers and special characters, don't reuse passwords), too often we gravitate toward simple and easy-to-remember passwords. A report released Wednesday by password manager NordPass looks at the techniques people turn to when creating a password.

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. According to the researchers' estimates, the cybercriminals could steal millions in recurring payments every month from victims around the world.

Security outfit Kaspersky has presented research on what appears to be the second new tool of the Nobelium advanced persistent threat group outed so far this week - a piece of malware dubbed Tomiris. The new malware is linked to an earlier tool known as Sunshuttle, itself a second-stage successor to the Sunburst malware used in the high-profile supply-chain attack carried out on SolarWinds' Orion IT monitoring system last year.

Researchers have discovered a campaign delivering a previously unknown backdoor they're calling Tomiris. Tomiris has a number of similarities to the Sunshuttle second-stage malware that was distributed by Nobelium.