Security News > 2021

Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month. "Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor," Mimecast said.

Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them - and then infects their organizations' systems with custom backdoor malware. The effort includes attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts in order to look like legitimate security researchers themselves, according to a blog post by TAG's Adam Weidermann.

Google says it's making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. The company gave an update Monday on its work to remove from its Chrome browser so-called third-party cookies, which are used by a website's advertisers or partners and can be used to track a user's internet browsing habits.

Several companies that provide services for mitigating distributed denial-of-service attacks reported seeing records being broken in 2020. In a report published on Tuesday, Akamai said it saw the largest global DDoS extortion campaign, more customers attacked than in any other previous year, the largest ever attack in terms of million packets per second, and a record number of new customers that urgently needed protection due to an ongoing or imminent attack.

For many enterprises, 2020 was a tough year for cyberattacks, with dozens suffering from devastating DDoS attacks due to the newfound reliance on digital tools, according to a new report from cybersecurity firm Akamai. "In fact, across all attacks, 7 of the 11 industries we track saw more attacks in 2020 than any year to date. Think about that. This was led by huge jumps in Business Services, Education, Financial Services, Retail & Consumer Goods, and Software & Tech," the report said.

NetBackup9 customers wanted developer Veritas Technologies to develop a new tool for those "Operating demanding multicloud data centers with heterogeneous environments that require a data protection platform without compromise," and today Veritas announced its new NetBackup Flex Scale. NetBackup 9, Seidman said, "Is part of our enterprise data services platform around availability, protection, and insights, making sure applications and data are always available, that their data is always protected and recoverable. From an insight standpoint, that's how we provide our customers with the ability to have insights into their infrastructure, into their data, into their backup, protection environment and help reduce risk and improve their ROI".

States across the country are increasingly realizing that more needs to be done to prepare in advance of cyberattacks, according to Louisiana Gov. John Bel Edwards, who spoke at the National Governors Association's biennial National Summit on State Cybersecurity. "Two of the most critical actions that I took as governor were establishing the Louisiana Cybersecurity Commission and developing a statewide incident response plan. One of the most critical things you can do as a state is to have a cyber emergency preparedness plan that has been battle-tested and validated," he said.

An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information.

A zero-day hunter has told The Register of the "Holy f**k" moment when he realised he'd been targeted by a North Korean campaign aimed at stealing Western researchers' vulns. Enraged by the deception, Caceres also offered a hefty bounty for information leading to the arrest of "James Willy", who appears to be one of the North Korean actors engaged on the Pyongyang-driven campaign.

A new survey from Syntax found that many decision-makers are not happy with their existing security tools and plan to shift from internal teams to MSPs. IT leaders are turning to outsourced cybersecurity support in response to the spike in cyberattacks since the start of the COVID-19 pandemic. A strong trend toward outsourcing cybersecurity to MSPs.A disconnect between cloud issues and cloud spending.