Security News > 2021
The Defense Advanced Research Projects Agency, or DARPA, has signed an agreement with Intel to add it to its Data Protection in Virtual Environments project, which aims to create a practically useful form of fully homomorphic encryption. Fully homomorphic encryption has been described as the "Holy grail" of encryption because it allows encrypted data to be used without ever having to decrypt it.
Unpatched network-attached storage devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. All NAS devices with QNAP firmware released before August 2020 are currently vulnerable to these attacks.
Recent service disruptions at the Pan-American Life Insurance Group were likely caused by a cyberattack conducted by a threat actor known for using the REvil ransomware. The official website of PALIG currently only displays some contact information and the following message: "Pan-American Life Insurance Group is currently experiencing a disruption to some of our services and we are working to restore them. To facilitate communication during this time, we have created temporary email accounts as an official communication channel."
Two Ukrainians charged for their involvement in a network providing cash-out and money laundering services to cybercriminals have been extradited to the United States. According to the indictment, the two were part of a cash-out and money laundering network offering services to cybercriminals who accessed bank accounts using stolen credentials, and then transferred funds to drop accounts maintained by the cash-out actors.
The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.
Several cybersecurity-related acquisitions and mergers were announced in the first week of March 2021. Identity verification-as-a-service solutions provider IDnow announced buying identity Trust Management, a Germany-based firm that offers digital and offline identification solutions.
Someone based in the US, perhaps at an infected organization, uploaded the malware to a public malware repository in August last year for analysis, well before the cyber-spying campaign became public. John McAfee, the security industry's equivalent of a wacky great-uncle who drinks too much at Christmas and goes off the rails, is now facing serious charges from the US Department of Justice.
Liviu Arsene, a global security researcher at Bitdefender, said that the cybersecurity industry could benefit from hiring more neurodivergent people. Two neurodiverse individuals who work in cybersecurity shared their perspectives.
Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs":. Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification.
It is Microsoft Exchange and its drooling minion, Outlook. It's easy to get things wrong in Exchange admin.