Security News > 2021

Following a performance audit conducted between September 2019 and March 2021, GAO has discovered that the electricity grid's distribution systems are increasingly vulnerable to cyber-attacks and that the potential impact of such attacks is not yet clear. After conducting semistructured interviews with 38 key federal and nonfederal entities associated with the cyber-security of grid distribution systems and reviewing reports from both DOE and the Department of Homeland Security and other relevant documentation, GAO has concluded that, in its plans to implement the national cyber-security strategy, DOE needs to fully address cyber-risks to the grid's distribution systems.

Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance. Shell disclosed the attack in a public statement published on the company's website last week and said that the incident only affected the Accellion FTA appliance used to transfer large data files securely.

In a bid to replace MPLS circuits and SD-WAN appliances, Cloudflare has introduced Magic WAN and Magic Firewall and partnerships with VMware, Aruba, Digital Realty, CoreSite and EdgeConneX. Cloudflare Monday introduced Magic WAN with Magic Firewall as well as new strategic partnerships with network hardware and data center providers as part of Cloudflare One, its cloud-based network-as-a-service offering released in October 2020. Magic WAN connects any source of data traffic-data centers, offices, devices, cloud apps, etc.

The urgency to patch gaping security holes in F5 Networks BIG-IP and BIG-IQ products escalated over the weekend after researchers spotted malicious in-the-wild attack activity. Malware hunters at U.K.-based NCC Group are raising the alarm for mass scanning and "Multiple exploitation attempts" with exploits targeting critical security flaws in the F5 enterprise networking infrastructure products.

The United States sentenced a Russian and a North Macedonian on Friday to prison for their roles in a vast cyber crime operation. Sergey Medvedev, 33, of Russia and Marko Leopard, 31, of North Macedonia, were sentenced to ten and five years respectively, according to a Justice Department statement.

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.

Cloudflare introduced Magic WAN with Magic Firewall and new strategic partnerships with major networking and data center providers as part of Cloudflare One, its cloud-based network-as-a-service solution. Magic WAN with Magic Firewall gives customers of all sizes a one-stop-shop to connect and secure data, devices, offices, cloud networks, and more without relying on hardware boxes.

A researcher has earned over $11,000 from TikTok after disclosing a series of vulnerabilities that could have been chained for a high-impact 1-click exploit. As for what an attacker could have done with this exploit, the researcher said "Anything TikTok can do on your device, the exploit can do."

Phishers have been exploiting people's fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do it for as long it affects out private and working lives. Cybercriminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control, U.S. Internal Revenue Service, U.S. Department of Health and Human Services, World Health Organization, and other agencies and businesses.