UK watchdog fines two firms £270k for cold-calling 531,000 people who had opted out
2021-02-15 15:32

Another month and two more British companies behind nuisance marketing calls are collectively facing a £270,000 penalty for breaking the law by calling people registered with the Telephone Preference Service. Just last month UK data watchdog the Information Commissioner's Office issued the same financial slap against four companies found to be flouting regulations.

Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability
2021-02-15 14:43

Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer that North Korean hackers are believed to have exploited in a campaign targeting security researchers. South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.

Cybersecurity M&A Roundup for Week of Feb. 8, 2021
2021-02-15 13:01

Famed "Shark Tank" investor and cybersecurity entrepreneur Robert Herjavec has agreed to sell a majority stake in Herjavec Group, the security firm he founded in 2003, to investment group Apex Partners. Datadog, a provider of monitoring and security solutions for cloud applications, will acquire SaaS security platform Sqreen, which is designed to protect enterprises against application-level attacks.

On Vulnerability-Adjacent Vulnerabilities
2021-02-15 12:14

In September 2019, another similar vulnerability was found being exploited by the same hacking group. More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order.

Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises
2021-02-15 11:59

VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product. vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery.

Let's Encrypt completes huge upgrade, can now rip and replace 200 million security certs in 'worst case scenario'
2021-02-15 11:41

Internet Security Research Group nonprofit Let's Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours. Last April the certificate authority was forced to kill three million HTTPS certs after a bug was found in its automated certificate management environment, about 2.6 per cent of its 150 million live certificate base.

Accellion to Retire File Transfer Service Targeted in Attacks
2021-02-15 09:33

Accellion has formally announced plans to retire FTA, the large file transfer service that was at the heart of several recently disclosed data breaches. FTA runs on CentOS 6, an operating system that reached end-of-life on November 30, 2020, a matter that Accellion brought to the attention of FTA customers six months ago.

Have we put too much emphasis on protecting the network?
2021-02-15 06:30

Recently, much of the cybersecurity commentary and blogs have talked about new approaches for protecting the network, especially beyond the perimeter. The trend is for our discussions to take on a verbal shorthand and presume that everyone understands what we mean when we talk about protecting the network, beyond the perimeter.

How do I select a DRM solution for my business?
2021-02-15 06:00

To select a suitable DRM solution for your business, you need to think about a variety of factors. When choosing a DRM solution for your business some of the important things to take into consideration are its scalability, flexibility, and security.

Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack
2021-02-15 05:57

Microsoft president Brad Smith said the software giant's analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers. Speaking on US news magazine program 60 Minutes, Smith labelled the attack "The largest and most sophisticated attack the world has ever seen."