Security News > 2021 > December

Britain's plans to force internet-connected device vendors to declare legally binding product lifespans won't be easily evaded by shell companies, the government has told The Register. After the Product Security and Telecommunications Infrastructure Bill was introduced to Parliament last week, some questioned whether the legislation would prevent unscrupulous manufacturers and importers from avoiding legal liability by setting up shell companies.

The European Cybercrime Centre has again acted against credit card fraud and is poised to reveal success on a similar scale to its 2020 campaign that prevented €40 million of losses. Credit card fraud has also persisted, with crims conducting ongoing campaigns to acquire card numbers and use them to make unauthorised purchases.

For any organization that relies on continuous availability of their computer network for regular operations, vulnerability scans should be run at least monthly and even more frequently for organizations that collect and/or process personal or sensitive data. An important component in combating a potential attack is implementing vulnerability scanning to detect and classify network, application, and security vulnerabilities.

Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign. After analyzing three months of phishing email traffic, we found that most attacks follow the money to either big tech or leading financial firms.

Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. Facebook Protect, currently being launched globally in phases, enables users who enroll for the initiative to adopt stronger account security protections, like two-factor authentication, and watch out for potential hacking threats.

October 18, 2021, was a tricky day for the ransomware industry. First, the gang that ran the REvil ransomware had its servers compromised, and then three individuals with key roles changed jobs.

The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. In these organizations, it is imperative to have a centralized API location with deployment into each of these locations, to ensure greater visibility and better management of API-related business activities.

Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as Code. "It's now more critical than ever for developers to have tools that can detect compliance and security violations across their entire cloud systems, including IaC," said Nico Popp, chief product officer, Tenable.

In addition to being more likely to encrypt a target's data, it shows that malware variants in 2021 are increasingly sophisticated and evasive, making it harder to detect and respond to them. Malware variants evolving in 2021: Malware is rapidly becoming more sophisticated.

ENISA has announced the release of its report - Railway Cybersecurity - Good Practices in Cyber Risk Management for railway organizations. European railway undertakings and infrastructure managers need to address cyber risks in a systematic way as part of their risk management processes.