Security News > 2021

Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. Microsoft Defender for Office 365 provides Office 365 enterprise accounts with email protection against several types of threats including credential phishing and business email compromise, as well as automated attack remediation.

Cybersecurity took center stage in the 16th edition of the World Economic Forum's Global Risks Report alongside the COVID-19 pandemic, climate change, and debt crises. The analysts behind the report called cybersecurity failure among the "Highest likelihood risks" of the next 10 years and IT infrastructure breakdown "Among the highest impact risks of the next decade."

It seems to be the season of sophisticated supply-chain attacks. ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company's official API and file-hosting servers.

Several mergers and acquisitions were announced in the first week of February 2021, and a majority of the companies provide services to government organizations - some of them exclusively to this sector. CDN services provider Akamai has acquired Montreal-based Inverse, a company that provides solutions designed to help organizations identify IoT, mobile and other types of devices.

CyberArk researchers have released BlobHunter, an open-source tool organizations can use to discover Azure blobs containing sensitive files they have inadvertently made public. Despite access to the files uploaded to cloud storages being by default private and cloud providers constantly sharing and reiterating best practices for securing them, misconfigurations happen all the time, making potentially sensitive information publicly accessible to anyone who knows how to find it.

A recently investigated malicious attack was abusing a locally loaded Chrome extension to exfiltrate data and establish communication with the command and control server. While the use of malicious Chrome extensions in attacks is not something new, this attack stands out from the crowd due to the use of 'Developer mode' in the browser to enable loading of a malicious extension locally.

There's a good reason everyone's talking about MITRE ATT&CK: it's an objective, third-party standard with which organizations can measure their own detection coverage, as well as the coverage provided by EDR solutions. Still, even while you appreciate ATT&CK, it's not always clear how you can use it to improve your own organizational security.

Selecting a remote access solution for your business requires a few critical business decisions and use cases as part of the selection process. Enabling your employees to leverage a remote access solution is a go-to need for any business remote tool kit.

Survey respondents were asked to rate 36 macroeconomic, strategic and operational risks, including new risks that emerged this year related to the pandemic and social justice. "More than ever, 2020 demonstrated that organizations can no longer afford a reactive approach to risk management. Pandemic risk loomed on the horizon for a long time - it was a matter of 'when,' not 'if,'" said Jim DeLoach, a Protiviti managing director.

A top challenge for many CEOs over the next few years is managing a remote workforce, a new IBM Institute for Business Value study reveals. CEOs of outperforming organizations - those who were in the top 20 percent for revenue growth of those surveyed - are prioritizing talent, technology and partnerships to position their companies for success post-COVID-19 pandemic.