Security News > 2021

According to the FTC, in 2016, $75 million was lost due to romance scams with 11,235 cases reported. "Within just a four-year span, romance scam cases increased by 21,557 cases and $229 million more dollars were lost," the site said.

An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers. Attackers spoofing Michael Page UK. "We are continuing to experience a global phishing campaign where our employees are being impersonated," Michael Page UK said.

Increased investments in cybersecurity, information security and consumer privacy are the top priorities of business leader respondents to demonstrate a commitment to building digital trust, according to a newly released report. PwC's latest Cyber Trust report also found that business leaders identified cloud security and data protection and privacy as the most strategic areas to prioritize in improving stakeholder trust.

Non-profit research and development organization MITRE on Friday announced that video conferencing giant Zoom has been named a CVE Numbering Authority. Zoom can now assign CVE identifiers to vulnerabilities found in Zoom and Keybase products - Zoom acquired Keybase in 2020 - but it cannot assign CVEs to security holes found in third-party products.

"It's always good to have more attention on embedded systems security, especially when it involves critical infrastructure. However, focusing entirely on Chinese-manufactured or supplied equipment used in U.S. infrastructure does not take into account that equipment manufactured in the U.S. and Europe also contains significant vulnerabilities. In this year alone, we've seen vulnerability disclosures from CISA from companies like Siemens, GE, and Schneider Electric. There's clear evidence that vulnerabilities from manufacturers around the world - not just China - and they need to be mitigated before threat actors take advantage with devastating consequences." Governments need to take an active role in assisting utilities and other parts of critical infrastructure in their push for manufacturers to make meaningful improvements in the grid equipment security, before the equipment is deployed.

Following a wave of ransomware attacks, network-attached storage appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices. The Taiwanese company, which makes both NAS and professional network video recorder solutions, has long been urging users to improve the security of their devices.

The REvil ransomware gang is known for audacious attacks on the world's biggest organizations, and its demands for astronomical ransoms to match. In an added stroke of criminal ingenuity to ratchet up the pressure to pay, REvil decided to start leaking the ripped off files just hours before Apple's Spring Loaded event on Tuesday, including schematics for some new iMacs it debuted there.

A new ransomware strain called "Qlocker" is targeting QNAP network attached storage devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks.

Perception Point, an Israeli startup focused on protecting against threats coming through collaboration tools, email and other cloud-based services, announced this week that it has raised $28 million in Series B funding, bringing the total amount raised by the company to $48 million. The company describes itself as a protector against "Content-based attacks" that come via collaboration channels, including email, cloud storage, CRM apps, and messaging platforms.

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.