Security News > 2021

Think you know all about security pen-testing in the cloud? Here’s how to prove it
2021-02-24 08:00

On the face of it, cloud penetration testing might appear a complex undertaking involving very different architectures, such as containers and Kubernetes, to those found in traditional on-prem infrastructure. Having documented proof that you have the requisite skills to conduct cloud-specific penetration testing and assess the security of cloud-based infrastructure gives your organisation an additional layer of comfort.

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks
2021-02-24 07:29

New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Hacker News.

Mozilla Firefox keeps cookies kosher with quarantine scheme, 86s third-party cookies in new browser build
2021-02-24 07:02

Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third parties from using them to track people online, as part of improvements in build 86 of the code. The third-party cookies placed by these scripts can be read on other websites that also load tracking code and are often used to follow people from website to website in order to build interest profiles for behavioral ad targeting.

What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses
2021-02-24 06:11

Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security. In a research paper to be presented in July at the 21st Privacy Enhancing Technologies Symposium, KU Leuven-affiliated researchers Yana Dimova, Gunes Acar, Wouter Joosen, and Tom Van Goethem, and privacy consultant Lukasz Olejnik, delve into increasing adoption of CNAME-based tracking, which abuses DNS records to erase the distinction between first-party and third-party contexts.

2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?
2021-02-24 06:00

This year, companies are having to accept that things have yet to return to "normal" and that remote working and hybrid working are here to stay for the foreseeable future. This marks a complete change in attitudes towards flexible working and makes one of the major concerns of many CTOs how to maintain a productive workforce outside of the traditional office environment.

Third-party risk management programs still largely a checkbox exercise
2021-02-24 05:30

Enterprise third-party risk management programs have been around for a half-decade or longer, and at this point most large organizations run one. Many of these TPRM programs only provide a thin veneer of cybersecurity assurance.

Everything You Need to Know About Evolving Threat of Ransomware
2021-02-24 05:05

In this story, we have covered everything you need to know about ransomware and how it works. Ransomware has always been one of the most popular kinds of malicious samples uploaded to the malware analysis sandbox ANY.RUN. Over 124,00 interactive sessions with ransomware were analyzed online in 2020 alone.

U.S. municipalities are the perfect target for cybercriminals in 2021
2021-02-24 05:00

Over the last year, I've spoken with state IT teams throughout the U.S., and discovered that, while states responded effectively by enabling the move to a virtual working environment, the race to establish remote operations has exposed huge cybersecurity vulnerabilities within local municipalities: the struggle for adequate funding, the challenges in attracting skilled IT workers, and the widening cyber threat landscape are pushing municipalities to the brink. In the last year, RDP attacks increased by over 768%. For cybercriminals looking for vulnerable targets, local governments and municipalities with lax remote work security protocols are perfect targets for ransomware and other malicious actions.

Most businesses see state-sponsored cyberattacks as a major threat
2021-02-24 04:30

A majority of businesses surveyed for a study by the Economist Intelligence Unit and the Cybersecurity Tech Accord see state-led and sponsored cyberattacks as a major threat. That attack was a moment of reckoning for many organizations about the challenges posed by state-led and -sponsored cyberattacks but, as the survey reveals, many businesses have long been aware of the escalating threat.

Researchers propose more secure and private mobile contact tracing
2021-02-24 04:00

For public health officials, contact tracing remains critical to managing the spread of the coronavirus - particularly as it appears that variants of the virus could be more transmissible. The need for widespread contact tracing at the start of the pandemic led tech giants Apple and Google to announce a plan to turn iOS and Android phones into mobile "beacons" that alert users who opt in of potential exposure to COVID-19.