Security News > 2021

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm's source code repositories, according to an update by the company. In the most recent part of its investigation into the SolarWinds hack, Mimecast said it has found evidence that a "Limited" number of source code repositories were also accessed.

Chile's Comisión para el Mercado Financiero has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities. "The analyzes carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of a ransomware and indicate that the incident would be limited to the Microsoft Exchange platform," disclosed the Comisión para el Mercado Financiero.

The same rigor should, in theory, be applied to many things in life, including security and fraud. What does your fraud prevention workflow look like? What data sources do you review as part of your fraud program? What technologies do you have in place? How do you adapt to the changing tactics of attackers and fraudsters? What sources of intelligence do you rely on? Not surprisingly, if there aren't a lot of substantive or thought out answers to these questions, it may mean that the reason there is no fraud problem is because no one is looking at the data in a way that might tell a very different story.

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. "While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware," according to McAfee researchers in a Tuesday report.

In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter. Although the art of hiding non-image data in images isn't novel, the fact that the images can be hosted on a popular website like Twitter and are not sanitized opens up a possibility for their abuse by malicious actors.

A quick shift toward Microsoft Office 365 and Azure AD in the cloud has expanded the attack surface for many organizations, says Vectra AI. The coronavirus pandemic has forced many organizations to transition their applications and other assets to the cloud. This increased reliance on Office 365 has naturally caught the eye of cybercriminals who have been ramping up their attacks against Microsoft's cloud-based Office environment for many customers.

Vulnerability remediation orchestration provider Vulcan Cyber today announced that it has raised $21 million in Series B funding. The new funding, Vulcan Cyber says, will help it expand its platform with new vulnerability remediation solutions for both cloud and applications, as well as meet demand for its SaaS solution.

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. A quick search of WHOIS registration records showed the domain was unregistered.

Over the past month, a variant of the Mirai botnet was observed targeting new security vulnerabilities within hours after they had been disclosed publicly, researchers with Palo Alto Networks reveal. What makes the variant tracked by Palo Alto Networks stand out in the crowd is the fact that, within a four-week timeframe, it started exploiting several vulnerabilities that have been disclosed this year.

A Florida teenager accused of masterminding a Twitter hack of celebrity accounts in a crypto currency scheme has been sentenced to three years in juvenile prison in a plea agreement, officials said. State prosecutors announced the deal Tuesday in the case of Graham Ivan Clark, 18, described as the mastermind of the July 2020 "Bit-Con" worldwide hack of Twitter accounts of Elon Musk, Bill Gates, Barack Obama, Joe Biden and others.