Security News > 2021

Authentication Provider LoginID Raises $6 Million in Seed Funding
2021-03-16 13:11

FIDO-certified multi-factor authentication provider LoginID this week announced that it raised $6 million in seed funding. Founded in 2019 and based in San Mateo, California, LoginID provides identity protection and control over personal information, helping companies add FIDO-certified biometrics to websites and applications, including ecommerce and banking sites.

Top MSP Challenges in 2021
2021-03-16 13:00

If one searches for 'the top MSP challenges' between 2017 and 2020, there are mainly five things that are more likely to emerge from the search results: adopting cloud-based solutions, sales margins, satisfying complex clients' needs, employee turnover, and the scalability of the IT security solutions offered. At SafeDNS, we see, apart from those points, three entangled hurdles for MSPs in 2021 and the coming years, tied with the current economic uncertainty and somewhat linked to the pandemic: 1) more attacks at the MSPs' clients' DNS level, 2) growth issues for MSPs and their clients, and 3) remote working vulnerabilities.

Security firm releases free Purple Knight tool to spot weaknesses in Active Directory
2021-03-16 13:00

Security firm Semperis built Purple Knight to make it easy for companies to patch holes in Active Directory security. "Any large organization that has had Active Directory deployed for a long time is going to have weaknesses in their security posture, which means that if attackers got in, they would find it easy to exploit these vulnerabilities," he said.

Software Development Security Firm Argon Emerges From Stealth Mode
2021-03-16 12:12

Argon, an Israel-based company that provides solutions for securing the software development process, on Tuesday announced that it has emerged from stealth mode. The company has developed a solution that provides visibility, security and integrity capabilities to help DevOps and security teams ensure that their development environment has not been compromised.

On the Insecurity of ES&S Voting Machines’ Hash Code
2021-03-16 11:36

It turns out that ES&S has bugs in their hash-code checker: if the "Reference hashcode" is completely missing, then it'll say "Yes, boss, everything is fine" instead of reporting an error. It's simultaneously shocking and unsurprising that ES&S's hashcode checker could contain such a blunder and that it would go unnoticed by the U.S. Election Assistance Commission's federal certification process.

Microsoft releases one-click Exchange On-Premises Mitigation Tool
2021-03-16 11:10

Microsoft has released Exchange On-Premises Mitigation Tool, which quickly performs the initial steps for mitigating the ProxyLogon flaw on any Exchange server and attempts to remediate found compromises. "This tool is not a replacement for the Exchange security update but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange Servers prior to patching," Microsoft explained.

Ex-asylum seeker with infosec degree loses discrimination claim against UK cyber range provider after storming out
2021-03-16 11:01

A former asylum seeker with a postgraduate degree in cybersecurity who alleged his bosses were spying on him for MI5 has lost his attempt to claim he was racially discriminated against. The anonymous man, who worked for an unnamed company that set up a UK cyber range in mid-2019, told the Employment Tribunal that he had quit after being subjected to racial harassment at work - but judges overruled all of his legal claims.

Hackers hide credit card data from compromised stores in JPG file
2021-03-16 09:22

Hackers have come up with a sneaky method to steal payment card data from compromised online stores that reduces the suspicious traffic footprint and helps them evade detection. Instead of sending the card info to a server they control, hackers hide it in a JPG image and store it on the infected website.

The Microsoft Exchange hacks: How they started and where we are
2021-03-16 07:29

The emergency patches for the recently disclosed critical vulnerabilities in Microsoft Exchange email server did not come soon enough and organizations had little time to prepare before en masse exploitation began. With patches released and proof-of-concept exploit code surfacing online, thousands of Microsoft Exchange servers worldwide continue to remain vulnerable and the number of attacks is still at a worrying level.

Securing a hybrid workforce with log management
2021-03-16 06:00

A centralized log management tool for monitoring a hybrid workforce infrastructure can deliver significant value in a short period, making it fundamental to building security into the hybrid workforce. User access event logs provide visibility into when and where people log their devices into a network.