Security News > 2021

The global security and vulnerability management market size is expected to reach $20.1 billion by 2027, rising at a market growth of 7.1% CAGR during the forecast period, according to ResearchAndMarkets. Growing adoption of IoT and cloud trends, high monetary losses due to the dearth of these solutions, integration of latest technologies like artificial intelligence & machine learning with security and vulnerability management solutions are indicative for the future growth of these solutions.

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. Sweeping law enforcement operations undertaken by government agencies in recent months have brought about rapid shifts in the RaaS landscape and turned the tables on ransomware syndicates like Avaddon, BlackMatter, Cl0p, DarkSide, Egregor, and REvil, forcing the actors to slow down or shut down their businesses altogether.

Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware samples having negligible to zero detections on VirusTotal.

One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.

Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. Apple has addressed this vulnerability in macOS 11.6 through a security update released in September 2021 that adds improved checks.

Even when the mobile phone age arrived, the Chatter Phone retained its dial, its cheese-dish phone styling, and its sideways receiver. We don't how how or if you can dial the plus symbol for overseas calls, but many countries let you use a special digit sequence instead. So, the Chatter Telephone doesn't take a SIM card itself; instead, it pairs with a regular mobile phone and acts, if you like, as a sort of extension - a happy, smiley, cheerful, brightly coloured, child-like extension phone with an actual rotary dial.

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The Azure App Service is a cloud computing-based platform for hosting websites and web applications.

All-in-one Grinch bots are working over time this holiday season and using automation to steal gift cards and scoop up limited quantities of in-demand products. The Kasada Threat Intelligence Team identified these bad bot trends during the online holiday shopping season, based on data from the company's e-commerce customers.

A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing two-factor authentication codes. More specifically, the threat actors send emails from a Yahoo address, replicating real emails from CoinSpot that ask the recipients to confirm or cancel a withdrawal transaction.

In recent attacks, the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions that stand in their way by rebooting compromised systems into Windows Safe Mode. This tactic makes it easier to encrypt victims' files since most security solutions will be automatically disabled after Windows devices boot in Safe Mode.