Security News > 2021

Twitter has removed dozens of accounts connected to Russian government-backed actors disseminating disinformation and targeting the European Union, the United States, and the NATO alliance. These accounts were part of two separate networks with Russian links, each of them specialized in targeting different entities.

The services provided by a class of cybercriminals known as initial access brokers are increasingly sought-after and the risk posed to enterprises is growing, according to digital risk protection company Digital Shadows. Initial access brokers breach as many organizations as they can, but instead of using that access to steal data or cause disruption themselves, they sell access to other threat actors, including ransomware operators and nation-state groups.

Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches. The company initially released the Password Checkup Chrome extension in February 2019 to alert users when their saved logins are weak or affected by a breach.

A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a communications director at the company.

Virtually all payment card terminals at self-checkout lanes now accept cards with a chip to be inserted into the machine. Most modern chip-based cards are significantly thinner than the average payment card was just a few years ago, but the design specifications for these terminals state that they must be able to allow the use of older, taller cards - such as those that still include embossing.

New evidence suggests that the Russia-linked threat actor Gamaredon is a hack-for-hire group that offers its services to other advanced persistent threat actors, similar to crimeware gangs, according to security researchers with Cisco's Talos division. The group operates an infrastructure of more than 600 active domains that are used as command and control for the first stage, which deploys the second stage payloads and updates both stages when needed.

Mozilla Firefox 86 was released today with Total Cookie Protection, a new privacy feature that prevents web trackers from keeping tabs on your activity while browsing the web. With the release of Firefox 86, all other Firefox development branches have also moved up a version bringing Firefox Beta to version 87, and the Nightly builds to version 88.

Supply chain cybersecurity is now top of mind for executives and security leaders across industries, and government agencies, industry groups, and regulators are taking action in an effort to mitigate risk. Because supply chains are often global and span multiple tiers of suppliers, the responsibility of security doesn't rest with a single organization.

As education has moved from in-classroom teaching to remote learning, colleges and universities have had to set up technologies that open the door to greater security risks. A report published Tuesday by cybersecurity provider BlueVoyant looks at the security threats challenging schools of higher learning and offers suggestions on how to combat them.

Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers - including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials.