Security News > 2021

Many organizations today deal with data that is noisy and unstructured, decentralized without prioritization, and managed with spreadsheets. To gain a comprehensive understanding of the threats you are facing and what you must defend, you need to start by aggregating internal data from across the entire ecosystem - the telemetry, content and data created by each layer in your security architecture, on-premises and in the cloud.

Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts. "Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs," Parliament officials said at the time.

A declassified joint report from several United States agencies assesses that Russian and Iranian threat actors did attempt to meddle in the 2020 U.S. presidential election, but claims that the technical integrity of the voting process wasn't affected. The joint report is meant to provide information on the extent to which foreign actors attempted interference with the 2020 U.S. elections, along with details on whether these adversaries targeted political organizations, campaigns, or election candidates, and an assessment on whether the attacks were able to successfully compromise the targeted infrastructure.

Digital identity verification firm Socure this week announced raising $100 million in a Series D funding round. The round, which brings the total invested into the company to $196 million, was led by Accel, with participation from Commerce Ventures, Scale Venture Partners, Flint Capital, Citi Ventures, Wells Fargo Strategic Capital, Synchrony, Sorenson, and Two Sigma Ventures, among others.

Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers. Tutor LMS is a learning-management system for educators that allows them to digitally reach their students.

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against...

The United States Department of Justice on Wednesday announced that a Cypriot national who admitted to hacking the websites of various U.S.-based companies was sentenced to 12 months and one day in prison, on top of the four years already served in custody. In January 2021, Epifaniou admitted in court to perpetrating a scheme in which he hacked the websites of multiple companies, exfiltrated data of interest, and then contacted the victim organizations to demand a ransom payment, threatening to make the data public.

Two Polish government websites were hacked Wednesday and used briefly to spread false information about a non-existent radioactive threat, in what a Polish government official said had the hallmarks of a Russian cyberattack. The National Atomic Energy Agency and Health Ministry websites briefly carried claims of a supposed nuclear waste leak coming from neighboring Lithuania and threatening Poland.

In terms of "Things that will flow from this" the Integrated Review mentioned only the National Cyber Security Centre and the nascent National Cyber Force, both already in existence. Under the heading "Responsible, democratic cyber power" the government promised to "Use cyber capabilities to influence events in the real world," including more use of "Offensive cyber" - and, eye-catchingly for the UK infosec sector, UK.gov plans to build "An advantage in critical cyber technologies."

Finding a data security solution that will fit an organization's needs - current and future - has always been a challenge. Jean Le Bouthillier, CEO of Canadian data security startup Q​ohash​, says that organizations have had many issues with solutions that generate large volumes of not relevant and not actionable data.