Security News > 2021
Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "Access to classified or sensitive information" being targeted by Britain's enemies.
Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window. Name property has been available for websites to store whatever data they choose to, but such data has often been allowed to leak between sites, essentially allowing for the tracking of users across the pages they visit.
Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base networks. To mitigate the vulnerability tracked as CVE-2021-22893, Pulse Secure advises customers with gateways running PCS 9.0R3 and higher to upgrade the server software to the 9.1R.11.
The open source community delivered vital help to companies affected by the SolarWinds attack. One underappreciated facet of the wide-ranging scandal that has engulfed much of the U.S. government and hundreds of major companies involves the powerful role the open source community played in helping enterprises respond to the crisis, according to Greg Bell, co-founder and CSO of cybersecurity company Corelight.
Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. When users click on the ad, they are brought to a fake Microsoft Store page for a fake 'xChess 3' online chess application, which is automatically downloaded from an Amazon AWS server.
The Biden administration is taking steps to protect the country's electric system from cyberattacks through a new 100-day initiative combining federal government agencies and the private industry. The initiative, announced Tuesday by the Energy Department, encourages owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks.
California-based cloud data protection and management firm Druva on Monday announced raising another $147 million, which brings the company's valuation to more than $2 billion. Druva has developed a cloud-native platform that helps organizations protect data across cloud environments, endpoint devices, SaaS applications and hybrid environments.
SaaS security company Grip Security on Tuesday emerged from stealth mode and announced raising $6 million in seed funding. Grip Security has developed a platform that is designed to help organizations discover, monitor and secure their SaaS applications, regardless of where they are located and what types of devices they are running on.
American auto insurance provider GEICO has disclosed a cyber-incident that resulted in driver's license numbers being compromised. A wholly owned subsidiary of Berkshire Hathaway, the Government Employees Insurance Company is the second largest car insurer in the United States, but also offers property insurance.
Hot off its divestment from parent company Dell, VMware is announcing a new remote work solution called VMware Anywhere Workspace, a zero-trust, cloud native platform that the company said is designed to eliminate friction between IT and remote employees, all while improving security and reducing overhead. "Remote work is here to stay, and businesses are transforming into anywhere organizations with a distributed work model," said Shankar Iyer, SVP and GM of end user computing at VMware. VMware sees a solution in Anywhere Workspaces, which Iyer said is designed to solve three problems: Managing remote and hybrid-remote employees, improving edge security and automating workspaces.