Security News > 2021

With a history of leveraging societal maladies to their advantage, cyber criminals leverage the confusion and unpreparedness created by the global pandemic in their cyber attacks. Cybersecurity company Cynet will help by reviewing the 2020 high profile attacks in depth and guide cybersecurity professionals for 2021 in an upcoming webinar.

42% of global consumers use a free FinTech app or platform. The research reveals interesting findings about how consumers protect their sensitive information when using financial technology applications.

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

A "Severe" vulnerability in GNU Privacy Guard's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems.

If you've followed the history of malware in recent years, you will definitely have heard of Emotet, and you'll have a very good idea of what happens next to Emotet victims if the malware breaches their defences. The macros used by Emotet documents are the opening gambit in the malware attack, and they initiate the next stage of the infection, typically launching a heavily disguised PowerShell command to download and implant the Emotet malware program itself.

Cloudreach announced the launch of Cloudreach DevOps as a Service. DevOps as a Service is the first of its kind in the market, and fundamentally changes how cloud IT services are consumed to make it easy for enterprises to adopt cloud native technologies and practices.

Organizations with a remote workforce that rely on Microsoft Teams for a centralized workplace for collaboration, can add best-in-class Encryption and Rights Management to ensure automatic protection of sensitive data shared and accessed from Microsoft Teams. Seclore for Microsoft 365 offering allows organizations to automatically add persistent, granular usage controls to sensitive documents worked on in Microsoft Teams channels.

MariaDB announced that MariaDB SkySQL's comprehensive security capabilities have earned ISO/IEC 27001:2013 certification. The ISO certification adds to MariaDB's extensive security measures built and established to safeguard customer data at every level.

Baffle announced that its Data Protection Services supports data de-identification, dynamic data masking and adaptive data security controls for Amazon Redshift. Baffle DPS is the only solution that provides seamless integration with AWS Database Migration Services, AWS Glue, AWS S3 and Redshift without any code changes to provide end-to-end protection of the modern data pipeline.

"Since day one, we've believed that no company operating in the cloud should ever lose data. We are laser-focused on achieving our vision of a single pane of glass for companies to manage, backup, and secure all of their SaaS data," said Sam Gutmann, CEO of OwnBackup. "As cloud adoption and digital transformation accelerate, the data produced by and stored in SaaS applications is growing even faster. Executives recognize that their approach to cloud data management and security must evolve and adapt to a cloud-native paradigm. Our platform is purpose-built for cloud-to-cloud backup and protection and this latest round of funding is the next step in our mission to help our customers truly own their SaaS data."