Security News > 2021
Carnegie Mellon University's Software Engineering Institute announced the appointment of Gregory J. Touhill as director of the SEI's CERT Division. The SEI's CERT Division is known around the world for its culture of innovation in cybersecurity areas such as cyber incident management, malicious software analysis, cyber resilience, insider threat detection and mitigation, and cyber workforce development.
Raytheon Technologies announced that its board of directors has elected Dr. Bernard A. Harris Jr. as a director. A distinguished former NASA astronaut who is currently the chief executive officer of Vesalius Ventures, a venture capital firm, Harris is an experienced business leader with significant accomplishments in space exploration and advancement of emerging technologies.
Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances - including a zero-day flaw that won't be patched until next month. On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways.
Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.
What that notice says is that KrebsOnSecurity is somehow on Gartner's "Non exhaustive list of competitors," i.e., online venues where technology companies are not allowed to promote Gartner reports about their products and services. The bulk of Gartner's revenue comes from subscription-based IT market research.
Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month. Tracked as CVE-2021-22893 and discovered in April 2021, the fourth vulnerability won't receive a patch until early May, but Pulse Secure says that it has already provided mitigations to a very limited number of customers affected.
The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.
The REvil ransomware gang asked Apple to "Buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event. The ransomware gang wants Apple to pay a ransom by May 1st to prevent its stolen data from being leaked and added that they are also "Negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands."
Facebook wants you to believe that the scraping of 533 million people's personal data from its platform, and the dumping of that data online by nefarious people, is something to be "Normalised." A blundering Facebook public relations operative managed to send a journalist a copy an internal document detailing the antisocial network's strategy for containing the leaking of 533 million accounts - and what the memo contained was infuriating though unsurprising.
HYPR, a company that provides a cloud-based passwordless authentication platform, has raised $35 million in a Series C financing, doubling the company's total funding to more than $70 million. The company's multi-factor authentication technology helps companies go passwordless by leveraging the convenience of a smartphone with the added security of a smart card.