Security News > 2021
Initially, the website would list data exfiltrated during ransomware attacks, but as of late it has been flooded with data stolen from various organizations that were relying on the Accellion FTA file transfer software. "The exploited vulnerabilities were of critical severity because they were subject to exploitation via unauthenticated remote code execution," Accellion noted in a report detailing Mandiant's investigation into the incident.
Google has revealed that its internal anti-malware tools include a "social voting" scheme that lets staff vouch that code they want to install won't do any damage. The ad and search giant's rationale is that blocking all unknown software works but may limit productivity, while blocking only known unsafe software requires a lot of vetting.
Together, Okta and Auth0 address a broad set of identity use cases and the acquisition will accelerate the companies' shared vision of enabling everyone to safely use any technology, shaping the future of identity on the internet. "Combining Auth0's developer-centric identity solution with the Okta Identity Cloud will drive tremendous value for both current and future customers," said Todd McKinnon, CEO, Okta.
The battle against hackers and threats is an arms race against highly motivated opponents, and with the number of attacks and threats continually growing, it's impossible to achieve security by simply patching up a broken architecture with single, niche tools. There is an invariable disconnect between where and how security policies are framed, security is enforced, and security is audited.
A new report conducted by Dimensional Research revealed that 32% of enterprises experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred. "This research highlights the immense cloud governance gaps enterprises experience that ultimately leave sensitive data vulnerable to breaches. It is critical enterprises adopt a unified approach to properly govern cloud access and protect enterprise data to avoid costly breaches and preserve trust."
Overall unique threats in the wild increased twofold from 389 in 2019 to 600 unique threats in 2020. The financial sector is the most proactive and concerned with cyber threats, running 39% of the total assessments performed, and the technology sector is the second most security conscious.
A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account. The attack, the researcher explains, targets the password recovery process that Microsoft has in place, which typically requires the user to enter their email or phone number to receive a security code, and then enter that code.
80% of businesses worldwide are confident their remote employees, specifically those working with finance software or participating in official company transactions, have the knowledge and technology to mitigate cybersecurity risks, according to ESET. This could possibly be due to increased education around cybersecurity in recent years, but could potentially indicate a false sense of security as well. This general sense of confidence comes as 73% of these businesses also think they are likely to be impacted by a cybersecurity incident.
Broad propaganda penetration is achieved by following a specific set of steps, according to a new IDC Government Insights report. The most successful generators of false news use large networks of pop-up news sites and bot networks to help echo sentiments and increase pass-along rates.
Designed as cloud-native software, BitDam ATP+ is the only solution that protects Office 365 users from unknown threats at first sight. Office 365 ATP, which is considered to have high detection rates, misses more than 25% of the unknown content-borne threats each day.