Security News > 2021 > November

XDR provider Cynet has built a new minisite with the goal of giving these lean IT Security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes.

On November 2, 2021, the House of Representatives passed two bills with the goal of strengthening the cybersecurity of small businesses in America. The first bill, the Small Business Administration Cyber Awareness Act, was unanimously approved to expand cybersecurity operations at the SBA. The bill requires the Small Business Administration to issue a report assessing the agency's ability to combat cyber threats within six months of passage.

59% of CTOs still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware and phishing, research from STX Next reveals. The research surveyed 500 global CTOs about the biggest challenges facing their organization.

As the holiday shopping season hits full stride, ecommerce retailers across Europe face a new era of malicious attacks spurred by a COVID-inspired transformation in ecommerce and a 350% increase in fraudulent online orders, according to data published by Signifyd. Retailers can expect a more perilous fraud landscape through the holiday shopping season and beyond.

The study explores how organizations patch and manage their remote and office-based endpoints and provide employees with remote IT support. The report reveals that even though most organizations plan to keep at least some remote work in 2022, they struggle to secure and support their remote or hybrid workforce.

JetBrains has introduced remote development for its range of IDEs as well as previewing a new IDE called Fleet, which will form the basis for fresh tools covering all major programming languages. JetBrains has a core IDE used for the IntelliJ IDEA Java tool as well as other IDEs such as Android Studio, the official programming environment for Google Android, PyCharm for Python, Rider for C#, and so on.

This effort resulted in CIS Benchmarks specific to cloud CSP products and services. The product-level CIS Benchmarks complement the CIS Foundations Benchmarks by providing an additional layer of security built into the cloud services used within the cloud account.

Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26.

Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted since as early as 2019 in a stealthy malware campaign that makes use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding that the intrusions involved "MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant," which is a Visual Basic Script with functionality to amass system information and execute arbitrary code sent by the attackers on the infected machine.

As of Friday - as in, shopping-on-steroids Black Friday - retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads. The phishing emails were coming from internal IKEA email addresses, as well as from the systems compromised at the company's suppliers and partners.