Security News > 2021 > October

German investigators have reportedly identified a Russian man named Nikolay K. whom they believe to be one of the core members of the REvil ransomware gang, one of the most notorious and successful ransomware groups in recent years. As reported by German media, the investigators were able to link Bitcoin payments with ransoms paid to the GandCrab ransomware group, following attacks against a software developer and the State Theater in Stuttgart.

Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.

The private key used to sign EU Digital Covid certificates has reportedly been leaked and is being circulated on messaging apps and online data breach marketplaces. This week, users reported seeing the private key for EU Digital Covid certificates circulating on messaging apps, like Telegram.

FireEye and McAfee, whose business models center around charging enterprises money to protect their networks from cyber-threats, issued a joint report this week predicting that next year you'll see an increase in cyber-threats, particularly those against enterprise networks and the staff who run them. Nation states will "increase their offensive operations by leveraging cybercriminals," as senior principal McAfee engineer Christiaan Beek theorized, citing the example of US indictments against four Chinese nationals who were allegedly running front companies on behalf of Beijing.

Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. Scoolio is a German student community app that aims to build better time management skills, tutoring, homework planning, and group chats to network with peers.

Due to the disconnect between the teams, security professionals often purchase application security tools that disregard developers' needs and processes. The shift-left approach helps to bridge the gap between developers and security professionals; it moves security testing and vulnerability management into the earliest stages of development.

Phishers readily deploy attacks, with the average phishing campaign lasting only 12 minutes, according to Google, which reports blocking 100 million phishing emails per day. Implementing DMARC eliminates the most common attack vector - phishing emails - and adds another layer of protection.

Often, API security is relegated to an afterthought in the rush to bring APIs to market, with many organizations relying on traditional network security solutions that are not designed to protect the wide attack surface that APIs can introduce. "From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application," said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report.

Technologies are introduced, practices emerge, and yet adversaries always find new ways. Because the next morning, hackers will find a new way to install malware, steal identities or exfiltrate sensitive data.

McAfee and FireEye released their 2022 Threat Predictions, examining the top cybersecurity threats they predict enterprises will face in 2022. Skilled engineers and security architects from the recently combined entity offer a preview of how the threat landscape might look in 2022 and how these new or evolving threats could potentially impact enterprises, countries, and civilians.