Security News > 2021

HackerOne released its 2021 Hacker Report that reveals a 63% increase in the number of hackers submitting vulnerabilities in 2020. Reports for vulnerabilities caused by trends like moving to the cloud have proliferated in the past year, with misconfiguration vulnerabilities rising by 310%. Other key findings 38% of hackers spent more time hacking since the COVID-19 pandemic started.

As they do this, Imperva Research Labs has monitored a staggering 372% increase in healthcare bot traffic globally since September 2020. In February 2021, bot traffic soared 48.8%, the largest increase over the past year, and reaching an unprecedented level over the 12-month average.

Budget cuts, redundancies, delays to cyber resilience projects and increased remote working in the last 12 months could all have increased organizations' risk of a cyber attack in 2021, according to new research into cybersecurity decision makers from NCC Group. The data suggests that these measures could have negatively affected security postures: over 70% of organizations that cut budgets, made redundancies or delayed or cancelled their cyber projects reported an increase in cyber attacks.

Companies have significantly sped up their digital transformation efforts in the past year, a theme anticipated to persist beyond the pandemic, according to F5. With limited in-person interactions, applications have become synonymous with an organization's presence and ability to thrive. This is especially the case when managing broader application portfolios that span multiple generations of application architectures.

The Linux Foundation, the nonprofit organization enabling innovation through open source, today announced the sigstore project, which improves the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies. Sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries.

Lightspin announced the availability of enhanced contextual security for cloud environments. Lightspin provides rapid, in-depth visualization of the cloud stack and sophisticated detection capabilities to proactively protect cloud environments, including dynamic remediation, real-time end-to-end monitoring, smart alerting, and risk analysis across the full DevOps lifecycle.

Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running its Exchange email program to potential hacks. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks.

India's Telecom Regulatory Authority has paused the rollout of a national SMS "Scrubbing" service and blamed business for the delay. The authority, aka TRAI, introduced the scrubbing service to curb text spam in India, where mobile phone users can expect a couple of unsolicited messages every day according to spam-blocking app Truecaller.

Akash Network, a project out of Overclock Labs, confirmed the successful launch of Akash MAINNET 2, the first open-source cloud and the only viable decentralized cloud alternative to centralized cloud providers like Amazon Web Services, Google Cloud, and Microsoft Azure. Akash MAINNET 2 empowers developers to break free from the limitations of traditional cloud infrastructure, and accelerates growth and scale in the blockchain ecosystem by enabling developers and companies to decentralize their cloud infrastructure, deploying applications faster, more efficiently, and at lower cost.

On the off chance you were looking for more security to-dos from Microsoft todaythe company released software updates to plug more than 82 security flaws in Windows and other supported software. This is probably a good place to quote Ghacks.net's Martin Brinkman: This is the last patch hurrah for the legacy Microsoft Edge web browser, which is being retired by Microsoft.