Security News > 2021
There's an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks, Accurics reveals. Cloud infrastructure risks: Kubernetes users who try to implement role-based access controls often fail to define roles at the proper granularity.
The hacking group behind the recent cyber-attack targeting Accellion's FTA file transfer service appears to be linked to a threat actor known as FIN11, security researchers with FireEye's Mandiant division reveal. The attacks on FTA, a soon-to-be-retired service, started in mid-December 2020 and resulted in the compromise of data pertaining to multiple Accellion customers.
The global zero trust security market size is projected to grow from $19.6 billion in 2020 to $51.6 billion by 2026, recording a compound annual growth rate of 17.4% from 2020 to 2026, according to MarketsandMarkets. The data security segment is estimated to lead the market in 2020.
The PCI Security Standards Council has published version 1.1 of the PCI Secure Software Lifecycle Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework.
The eBook "5 Security Lessons for Small Security Teams for a Post-COVID19 Era" helps companies prepare for these new work dynamics. The practical insights and provided recommendations make this a very helpful guide for small security teams that feel the brunt of security on a daily basis and now need to add one more item to their security strategy planning and execution.
Unitas Global announces the availability of Unitas Reach, the first global software defined network to offer automated ubiquitous edge access to any cloud location. Unitas Reach is the industry's first purpose-built network connecting cloud providers, carrier-neutral data centers, SaaS applications, and edge access networks to form a multi-service global interconnection fabric.
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that's expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed.
HID Global announced it has expanded its Seos credential family with two new products. The Seos 16K is the industry's first credential certified to the highest IT security level established by the independent testing service provider TÜV Informationstechnik GmbH, and it features the highest memory in the series to support multi-application deployments.
Nutanix announced additional ransomware protections in the company's cloud platform. A recent Gartner report shared that, "In 2020, in particular, there have been swift changes to threats with increased remote work and targeted malware campaigns that take advantage of worldwide events, such as COVID-19. Ransomware has evolved beyond the commodity, widespread attacks intended to infect a single endpoint to include more advanced techniques, such as fileless malware and data exfiltration. These new strains of ransomware make prevention and planning more important than ever to prevent ransomware attacks."
Privitar released the latest version of the Privitar Data Privacy Platform, which includes enhanced HIPAA compliance-focused features, new "Fast start" rules packs designed to enable first-time users to get their data privacy initiatives up and running quickly, and expanded multi-language support to enable the masking and unmasking of data in more than 60 languages. "Privitar is committed to helping organizations worldwide maximize the value of their sensitive data by addressing gaps in their privacy strategies," said Nico Dard, Director of Product Management at Privitar.