Security News > 2021

Former Google and Twitter security leader, Co-Director of Stanford Online's Advanced Cybersecurity Certificate Program and best-selling author Neil Daswani is releasing his book, Big Breaches: Cybersecurity Lessons for Everyone, co-authored together with Moudy Elbayadi, CTO of Shutterfly. As a Chief Information Security Officer, entrepreneur and educator, Daswani distills his experiences, research and analyses to offer current and aspiring CISOs, CIOs, CTOs as well as security and technology professionals a roadmap for recovery, providing actionable insights.

One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with upgraded capabilities including screen capturing, proxy tunneling, credential theft, and fileless execution. First documented in 2016 by FireEye, FIN8 is known for its attacks against the retail, hospitality, and entertainment industries while making use of a wide array of techniques such as spear-phishing and malicious tools like PUNCHTRACK and BADHATCH to steal payment card data from point-of-sale systems.

VMware announced portfolio updates to help customers modernize their applications and infrastructure. The new releases of vSphere 7 and vSAN 7 will help IT teams support new and existing applications with infrastructure that is developer and AI-ready; scales without compromise; boosts infrastructure and data security; and simplifies operations.

Sontiq announced it has acquired data breach intelligence fintech Breach Clarity. As a result of the acquisition, Sontiq's products - IdentityForce, Cyberscout, and EZShield - all built on its tech-enabled IIS Platform, will have the proprietary capability, BreachIQ. Sontiq is the first provider in the identity security marketplace to offer consumers an AI-driven and proprietary personalized risk score with actionable next steps based on their unique data breach history.

Hawk is integrated with AWS and other leading cloud platforms and tools, providing a unified view across hybrid infrastructure. "Using AWS with Gigamon Hawk, for example by leveraging Amazon Athena to analyze application metadata collected by Hawk in S3 buckets, customers can gain the visibility they need across their hybrid - or pure cloud - infrastructure to be confident in its security, performance and scalability," commented Scott Ward, Principal Solutions Architect at AWS. "We are seeing most of our clients accelerate the movement of their mission-critical apps and workloads to the cloud, resulting in increasingly complex hybrid cloud infrastructures and interactions."

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. A successful exploitation of the flaws allows the adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.

Mastercard is expanding the Engage platform, offering customers easy access to a growing network of qualified technology and fintech partners that can quickly deploy Mastercard Digital First solutions. These solutions will enable customers to provide entirely digital payment experiences for consumers, from acquisition and card usage to management and engagement, with a physical card option.

Microsoft Edge Legacy has officially reached the end of life today, and starting tomorrow, the web browser will begin displaying notifications telling users to switch to the new Chromium-based Microsoft Edge. "This version of Microsoft Edge is no longer supported or receiving security updates. Download the new version of Microsoft Edge today."

An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. The application's name is "Automatic call recorder" or "Acr call recorder" and has thousands of user reviews in App Store amounting to a rating above 4 stars; it has also been listed among the top call recording apps for iPhone.

CybelAngel announced its major UK expansion with a five-fold investment increase, a series of new hires to its sales and marketing team as well as a new UK office. CybelAngel's decision to expand in the UK follows a series of growth milestones and new additions to its portfolio less than a year after the company's $51 million total funding.