Security News > 2021

The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks. If exploited, these flaws could be chained together to allow remote code execution, denial of service and other attacks.

Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling. In an update and white paper [PDF] released on Tuesday, FireEye warned that the hackers - which intelligence services and computer security outfits have concluded were state-sponsored Russians - had specifically targeted two groups of people: those with access to high-level information, and sysadmins.

As the incoming Biden administration continues to shake up federal leadership, the National Security Agency announced Friday that Rob Joyce, who is currently serving at the U.S. Embassy in London, was named to lead its cybersecurity division. Joyce will inherit the job from Anne Neuberger, who will leave the post to serve as deputy national security adviser for the National Security Council, putting her in charge of cybersecurity for the entire federal government.

The FBI is cautioning companies to beware of a slew of voice phishing attacks aimed at capturing the login credentials of employees. In an advisory released last Thursday, the FBI revealed that as of December 2019, cybercriminals have been working together on social engineering campaigns targeting employees at large firms both in the US and abroad. The criminals are taking advantage of VoIP platforms to launch voice phishing, or vishing, attacks.

On Jan. 7, Hikvision released a report outlining 10 of the top security trends for 2021. "Multidimensional perception capabilities will play a fundamental role in taking the video security industry to the next level, and we constantly see growing numbers of integrated security devices and systems with multiple sensors," the release said.5G-enabled security boosts.

FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. The SolarWinds supply chain attack has made hundreds of victims, and potentially impacted entities should check their systems for signs of an intrusion associated with this attack.

The release was granted in part due to Ferizi's 2018 diagnosis of asthma, as well as a COVID outbreak at the facility where he was housed in 2020. While Ferizi was in quarantine awaiting deportation the Justice Department unsealed new charges against him, saying he'd conspired from prison with associates on the outside to access stolen data and launder the bitcoin proceeds of his previous crimes.

The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro. Identified in 2018 and mainly focusing on Ukraine, VPNFilter rose to fame quickly due to the targeting of a large number of routers and network-attached storage devices from ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, and ZTE. Believed to be operated by Russian threat actor Sofacy, with possible involvement from Sandworm, VPNFilter emerged as a major threat right from the start: 50 impacted device models, the potential to compromise critical infrastructure, and approximately 500,000 bots observed across 54 countries.

TechRepublic will be reporting on all of the CES 2021 tech news that business pros need to know. CES 2021 wrap up: How enterprise tech makes all those smart toilets and robots possibleFrom smart toilets and disinfecting robots to transparent OLED displays and sleep tech, CES 2021 was a showcase for the latest innovations in consumer and enterprise technology.

A report from NordVPN finds disagreement on which political leader does better on privacy issues, whether disinformation should be banned, and what the biggest cyberthreat is. VPN service provider NordVPN has released the results of a Politics and Digital Privacy Study conducted on US citizens, finding party line divisions on many issues, but general agreement on others, such as whether Big Tech should be liable for its use of personal data or whether a policy similar to the proposed EU Digital Services Act should be enacted in the US. The study surveyed 1,000 American adults and focused on questions about privacy issues and disinformation on the internet with the aim of determining opinions on who should regulate those issues in the American market.