Microsoft 365 Defender Threat Analytics enters public preview
2021-03-02 14:00

Microsoft announced the addition of Threat Analytics for Microsoft 365 Defender customers and the roll-out of Microsoft 365 Insider Risk Management Analytics, both in public preview. Microsoft 365 Defender is an enterprise defense suite for cross-domain security that helps security teams to stop attacks and coordinate threat protection for devices, identity, data, and applications.

Dairy Giant Lactalis Targeted by Hackers
2021-03-02 12:53

France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach. The company said a malicious third party attempted to breach its computer network, but it immediately took action to contain the attack.

Mysterious Macintosh Malware
2021-03-02 12:05

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Gootkit malware crew using SEO to get pwned websites in front of unwitting marks
2021-03-02 09:30

Gootkit financial malware has been resurrected to fling ransomware payloads at unwitting marks, according to Sophos. The infosec firm said today that "Criminal operators have turned the infection method" for the malware "into a complex delivery platform for a wide range of malware, including ransomware."

Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants
2021-03-02 08:25

The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization. The Register wrote about the domain takeover at the time and, as Foy put it, "The Register had spot-on reporting from the start as did Paul Ducklin at Sophos."

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
2021-03-02 07:04

SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two ransomware to the same author," Intezer Lab researcher Joakim Kennedy said in a malware analysis published today revealing the attackers' tactics on the dark web.

Preparing for the Cybersecurity Maturity Model Certification onslaught
2021-03-02 06:00

For the Defense Industrial Base, the Department of Defense Cybersecurity Maturity Model Certification compliance requirement is the hot news topic of 2021. The short story is that CMMC offers the first federal compliance requirement that looks to create clear cybersecurity standards.

Multi-payload Gootloader platform stealthily delivers malware and ransomware
2021-03-02 05:30

The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader.

Malicious NPM packages target Amazon, Slack with new dependency attacks
2021-03-02 05:14

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. When packages with the same names as a company's internal packages are hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company's internal packages when building the application.

Alexa Skills: Security gaps and data protection problems
2021-03-02 05:00

Alexa Skills can often have security gaps and data protection problems, as a team of researchers from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and North Carolina State University discovered, together with a former PhD student who started to work for Google during the project. In their study, the researchers around Christopher Lentzsch and Dr. Martin Degeling studied the ecosystem of Alexa Skills for the first time.