Security News > 2021

Venafi announced the findings of a global survey of more than 1,500 IT security decision makers that reveals that 60% of security professionals believe ransomware threats should be prioritized at the same level as terrorism. 37% of respondents would pay the ransom but 57% would reverse that decision if they had to publicly report the payment, as required by the Ransomware Disclosure Act, a U.S. Senate bill that would require companies to report ransomware payments within 48 hours.

Organizations are in danger of allowing the spectre of ransomware attacks to distract them from keeping up with general security measures, according to SE Labs. The company says that businesses that challenge their own security environments, and make adjustments where necessary, will be better protected against regular attacks.

The fraud detection and prevention market is expected to surpass $100 billion by 2027, as reported in a research study by Global Market Insights. The internal fraud type is anticipated to grow at over 25% CAGR between 2021 to 2027 due to the rising collusion among employees.

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "Large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors.

The number of malicious dormant domains is on the rise, and as researchers warn, roughly 22.3% of strategically aged domains pose some form of danger. Based on that, efforts in detecting strategically aged domains before they get the chance to launch attacks and support malicious activities have picked up pace.

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. Patterns observed include irregular domain names, domain resolving to an untrusted web app, SSL not enabled.

Only to return to the fray this week and find that the Apache Log2j team just put out the fourth patch in what you might call the Log4Shell Vulnerability Saga. Apache rapidly publishes Log4j 2.15.0, fixing the primary security hole.

The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. While they provided a decryptor to the police department, the ransomware operation refused to provide a list of stolen files or how they breached the department's network.

The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. Last month, a US police department was breached by AvosLocker, who encrypted devices and stole data during the attack.

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "Very small number of customers" who fell victim to SIM swap attacks. SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards.