Security News > 2021

Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations. Using common web shell utilities as the main hacking tool and rarely relying on other tools, which hindered attribution.

While companies should focus on data privacy all the time, Data Privacy Day on Jan. 28 is a good opportunity to reassess your business privacy strategies and learn some new methods to safeguard data. We gathered a roundup of insights from 10 industry experts with diverse backgrounds to present for Data Privacy Day.

With the growth in IoT devices connected to these networks, security is more vital than ever to prevent attackers from hopping from unsecured IoT devices to corporate networks to business service systems, potentially causing untold damage. Consider security at every step of the evolving network.

The Online Impersonation Prohibition up for debate this week in the Utah House of Representatives, "Makes it a criminal offense, under certain circumstances, to impersonate an individual online with the intent to harm, defraud, intimidate, or threaten any individual," according to the current draft of the legislation. The legislation, officially known as House Bill 239 and sponsored by Utah Rep. Karianne Lisonbee, is part of a larger submission, HB 80, which seeks to amend privacy laws to create an "Affirmative defense" for companies in lawsuits over data breaches, according to a report posted online by Fox 13 in Salt Lake City.

A lack of visibility into remote endpoints can leave your organization vulnerable to ransomware attacks, says security provider Illumio. A report released Thursday by network security provider Illumio explains how this situation could leave organizations more susceptible to ransomware and discusses how they can better protect themselves.

It may be Data Privacy Day, but security experts say privacy should become a daily, defined practice affecting almost all aspects of an organization and no longer just a part of compliance, legal, or auditing disciplines. Here are the top 5 reasons data privacy should be practiced every day.

A newly-uncovered phishing kit, dubbed LogoKit, eliminates headaches for cybercriminals by automatically pulling victims' company logos onto the phishing login page. These targeted services range from generic login portals to false SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.

A majority of chief information security officers in Europe said their cybersecurity strategy now focuses on mobile devices as a result of employees increasingly working remotely due to the pandemic, IT management and cybersecurity solutions provider Ivanti said in a report published this week. According to Ivanti's report, which aims to promote the adoption of zero trust security strategies, 87% of CISOs said the focal point of their strategy is now mobile devices.

Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. When the vulnerability was first disclosed, Google stated that they would block HTTP and HTTPS access to TCP ports 5060 and 5061 to protect against this vulnerability in the release of Chrome 87.

The Mimecast certificate compromise reported earlier in January is part of the sprawling SolarWinds supply-chain attack, the security firm has confirmed. Mimecast joins other cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys in being targeted in the attack.