Security News > 2021

Enterprise IoT security company Armis on Wednesday announced another major funding round that brings its valuation to $2 billion. Armis said it raised $125 million in the latest round, which brings the total investment secured by the company to $300 million.

Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack. Yesterday, CD Projekt suffered a ransomware attack where the attackers claim to have stolen unencrypted source code for Cyberpunk 2077, Witcher 3, Gwent, and an unreleased version of Witcher 3.

Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. SIM swap fraud allows scammers to take control of a target's phone number either via social engineering or by bribing mobile operator employees to port it to a SIM controlled by the fraudster.

Intel has issued fixes for five high-severity vulnerabilities in its graphics drivers. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance.

Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility. Disclosed during the last week of January 2021, the vulnerability is tracked as CVE-2021-3156, but it's also called Baron Samedit, and it has been lurking in Sudo since July 2011.

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.

How can enterprises reduce their risk in the cloud? They need to understand the attack surface has changed and operate under the assumption that the number one risk to their hybrid and multi-cloud infrastructure is a trusted identity with excessive high-risk permissions. The only way to manage that risk is to implement the principle of least privilege across their cloud environment.

SAP has released seven new security notes on February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in SAP Commerce. Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory.

Despite all of this, less than 20% of 2020 security budgets were spent on Insider Risk - and more than half of organizations don't have a formal Insider Risk response plan in place. Forrester predicts that 1 in 3 data breaches in 2021 will stem from insiders, and the Code42 2021 DER found that 6 out of 10 IT security leaders believe insider threats will increase, or increase significantly, over the next two years.

Organizations leverage software dependencies for various purposes within their environments, but they are not always aware of the risks associated with this practice, especially if they are not able to efficiently keep track of packages that are used from public repositories. To show the risks associated with using improperly managed public packages, Birsan decided to look for dependencies that known companies use, and show how these dependencies could be abused by threat actors to breach the targeted organizations.