Security News > 2021

The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system. The decision follows concerns last month that as a result of the SolarWinds fiasco - in which suspected Kremlin spies gained access to the networks of multiple US government departments via backdoored IT tools - the court system itself may have been hacked, making Highly Sensitive Documents accessible.

Public 5G networks, private 5G networks, broader attack surfaces, and more complex environments add extra layers of vulnerability, expert says. We're actually going to see private 5G networks interacting with public 5G networks, but here's the rub: Not for benign use cases.

Advanced persistent threat group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020, researchers said, with its latest malware. The group has added new features to its custom "Caterpillar" webshell and the "Explosive RAT" remote access trojan, both of which researchers at ClearSky Security said they linked to the compromise of the public servers [PDF], which allowed widespread espionage.

CISOs need to be more vigilant about building cybersecurity into projects from the beginning, one CISO says.

Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. The Office of the Washington State Auditor states that they suffered a data breach after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.

"In 2015, Juniper revealed a security breach in which hackers modified the software the company delivered to its customers," a Wyden statement read. "Researchers subsequently discovered that Juniper had been using an NSA-designed encryption algorithm, which experts had long argued contained a backdoor, and that the hackers modified the key to this backdoor." "The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company's software updates," the members wrote.

The U.S. Federal Trade Commission said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. "2020's biggest surge in identity theft reports to the FTC related to the nationwide dip in employment," the FTC said.

Rather, it is to illustrate some of the uses for automated pentesting tools and how they may even be used for specific types of attacks to raise awareness of these unauthorized devices. The concept behind this vulnerable OS is for users to test their security skills, effectively learning how to exploit these systems and how to best protect them.

Here's our latest Naked Security Live talk, where we answer the thorny question, "What if my password manager gets hacked?". We often recommend password managers, as we did last week in our article Cybersecurity tips for university students.

Cybersecurity researchers today disclosed a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong, and Sri Lanka.