Security News > 2021 > December

While open-source software doesn't guarantee a life free of vulnerabilities, it does guarantee fast response and remediation, which is crucial in the event of a large-scale security risk such as that brought on by Log4Shell. Open-source software is defined as "Software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose." Some of the benefits of this are lower hardware costs, higher-quality software, flexibility, security, and transparency.

An Identity Theft Resource Center and DIG.Works research study explored the relationship between data breach notices and a consumer's decision to freeze their credit, as well as credit freezes in general. The research surveyed 1,050 U.S. adult consumers on the topic and discovered that most consumers are familiar with the credit freeze process.

MITRE Engenuity and Cybersecurity Insiders announced the results of a research study on the state of managed services security. The survey of IT security professionals, representing organizations of all sizes from industries such as Technology, Healthcare, Retail, Government, Financial, and others, set out to discover whether organizations are adopting a threat-informed approach to cybersecurity, how they are adopting threat-informed approaches, and what organizations and IT security professionals are doing to improve their confidence in their ability to defend against cyber intrusions.

The need to keep these devices and services connected has placed stress on IT team members that could be alleviated by implementing automated IT services. The study found that 55% of respondents reported that automating IT processes saves the IT department 1-8 hours per service request.

Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID test. The firm tested the Ellume COVID-19 Home Test, a device selected specifically because it uses a "Bluetooth connected analyzer for use with an app on your phone."

Darktrace reported that the IT and communications sector was globally the most targeted industry by cybercriminals in 2021. Attackers could then launch ransomware attacks against the clients of the backup vendor, preventing recovery and forcing payment.

Security analysts from NCC Group report that ransomware attacks in November 2021 increased compared with the previous month, with double extortion continuing to be a powerful tool in threat actors' arsenal. The spotlight in November was stolen by the PYSA ransomware group, which had an explosive rise in infections, recording an increase of 50%. Other dominant ransomware groups were LockBit and Conti, which launched attacks against critical entities, albeit fewer than in previous months.

These accounts are usually used by backup, security or monitoring solutions. Using such accounts to remotely log in to systems on the network introduces unnecessary risk - it's a bad practice, and an avoidable one.

Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models. Impacted models include Dell Latitude laptops, as well as Dell Inspiron 5680 and Alienware Aurora R8 desktops.

There's an enormous amount of software vulnerable to the Log4j bug through Java software supply chains - and administrators and security pros likely don't even know where to look for it. About 17,000 Java packages in the Maven Central repository, the most significant collection of Java packages available to developers, are vulnerable to Log4j - and it will likely take "Years" for it to be fixed across the ecosystem, according to Google security.