Security News > 2021

Secondly, a given password might be somewhat easy to guess, despite existing password requirements. Password changes only occur via the user or Active Directory administrator.

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge interfaces to infect Android devices and ensnare them into its network.

CyberSheath launched its Managed IT Services for Defense Contractors to ensure compliance with the new cybersecurity standards for commercial contractors of the United States government. The managed services include a Shared Security Compliance Framework to ensure compliance for both DFARS Clause 252.204-7012 / NIST SP 800-171 and the new DFARS 252.204-7019-7021 CMMC requirements.

While technical solutions like spam filters and mobile device management systems are important for protecting end-users, with the number of threats and the multitude of systems and communications through which staff performs work, the one unifying risk factor that has to be addressed to improve fundamentally, security is the role of human error. Almost all successful cyber breaches share one variable in common: human error.

Threat Stack announced new capabilities that help security teams quickly detect and remediate threats in cloud infrastructure. Threat Stack now enriches Linux host and container events in real time with EC2 metadata like VPC, security group, and DNS names.

"A few thousand devices are impacted," SonicWall said in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability." On January 22, The Hacker News exclusively revealed that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "Probable zero-day vulnerabilities" in its SMA 100 series remote access devices.

BIO-key announced new capabilities for its PortalGuard IDaaS cloud-delivered authentication solution. To mitigate common threats while providing more convenient methods of authentication such as passwordless, biometric, and adaptive technologies, BIO-Key is introducing new innovations for PortalGuard IDaaS to better serve customers who are keen to have more options for securing their hybrid environments of cloud-based and on-premises applications, as well as multiple directory support, including Microsoft Azure.

For the first time, business leaders now have a comprehensive and seamless user lifecycle management solution all within Cleanshelf, pairing high-performing technology visibility and insight with controls provided by an Identity and Access Management platform like Okta. With Cleanshelf's integrated platform, business leaders won't have to manually track down internal SaaS tools or paper audits which usually result in provisioning gaps.

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors.

SirionLabs and KPMG announced a strategic alliance focused on helping enterprises accelerate their business transformation journey to drive better outcomes in third party relationships. Central to these transformation objectives is the ability to effectively manage third-party relationships including customers and suppliers, and the underlying contracts that drive those relationships.