Security News > 2021

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. "Some notable targets included an individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force, as well as officers responsible for electoral rolls located in the Pulwama district of Kashmir," the researchers said in a Wednesday analysis.

For globally operating tech companies, these developments point to a future where data privacy will become a compliance minefield. With an incoming Vice President who has a strong record of promoting consumer privacy protection legislation and a substantial political mandate for change, more stringent privacy laws are a question of when rather than if.

A study by Mercer revealed 94% of employers agreed that productivity was the same or higher than pre-pandemic levels, even with employees working remotely in 2020. Devices have become integral to productivity.

The number of annual credential spill incidents nearly doubled from 2016 to 2020, according to F5 research. "Attackers have been collecting billions of credentials for years. Credential spills are like an oil spill, once leaked, they are very hard to clean up because credentials do not get changed by unassuming consumers, and credential stuffing solutions are yet to be widely adopted by enterprises."

A report from F-Secure highlights the rarely-discussed impact these attacks can have on people and families using online services. "Personal information stolen from organizations can easily end up being used against people and families through different types of identity theft, fraud, or other types of harm. And with more and more information being stored digitally, what criminals can do with people's information keeps getting worse. So these attacks on companies can really end up hurting people and not just a business' bottom line," explained Laura Kankaala, a security consultant with F-Secure.

The report provides insights from across the 5G eco-system on the current status of 5G, illustrating the accelerated timetables from service providers in upgrading to 5G standalone with the new 5G Core, and revealing how 5G is driving new initiatives and sector engagements. 5G activity surged in 2020 with accelerated timetables from service providers to deliver 5G SA core deployments, following non-standalone's inability to really wow customers and deliver a solid new revenue proposition.

Guardicore released IPCDump, a new open source tool for tracing interprocess communication on Linux. The tool covers most interprocess communication mechanisms, including pipes, fifos, signals, Unix sockets, loopback-based networking, and pseudoterminals, and is useful for debugging multi-process applications and gaining transparency into how they communicate with one another in their IT environment.

Sentropy announced its first consumer product - and third product overall - Sentropy Protect, which enables Twitter users to proactively identify and protect themselves from abusive Twitter accounts. Built upon its world-class abuse detection technology, Sentropy Protect is the company's newest product that helps tackle online hate and harassment.

Even more than that, it is the SaaS Security Posture Management that is critical to today's company security. Gartner has defined the SaaS Security Posture Management category in 2020's Gartner Hype Cycle for Cloud Security as solutions that continuously assess the security risk and manage SaaS applications' security posture.

Sonrai Security announced significant new functionality designed to automate prevention of data breaches in public cloud deployments for its Sonrai Dig platform. Supporting leading public cloud databases in combination with advanced behavioral modeling and automated blocking, the newly enhanced service helps ensure critical corporate data is secure wherever it resides in cloud environments.