Security News > 2021

A Ukrainian national arrested for his role in a hacking group that compromised millions of financial accounts was sentenced to a decade in prison, US prosecutors said Friday. Fedir Hladyr, 35, had a high-level role as a manager and systems administrator for a hacking group known at FIN7, authorities said.

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist's iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite.

Several cybersecurity-related acquisitions and mergers were announced in the week of April 12-18, 2021. Through its acquisition of SecretHub, 1Password aims to provide solutions designed to help enterprises secure not only human passwords, but also infrastructure and machine-to-machine secrets.

Last Thursday, Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council with a focus on 5g networks and software and cloud services vulnerabilities. "That is why I am refocusing and revitalizing the FCC's Communications, Security, Reliability, and Interoperability Council for the challenges of today and tomorrow. The damage from recent supply chain attacks, like the SolarWinds software breach, demonstrates our need for a coordinated, multifaceted, and strategic approach to protecting our networks from all threats."

The SolarWinds hackers took full advantage of what George Kurtz, CEO of top cybersecurity firm CrowdStrike, called "Systematic weaknesses" in key elements of Microsoft code to mine at least nine U.S. government agencies - the departments of Justice and Treasury, among them - and more than 100 private companies and think tanks, including software and telecommunications providers. The campaign's "Hallmark" was the intruders' ability to impersonate legitimate users and create counterfeit credentials that let them grab data stored remotely by Microsoft Office, the acting director of the Cybersecurity Infrastructure and Security Agency, Brandon Wales, told a mid-March congressional hearing.

Europol's Serious Organized Crime Threat Assessment report 2021 summarizes the criminal threat of the last four years and provides insights into what to expect over the next four years. Organized crime is not limited to cybercrime, but cybercrime has become a major part of organized criminal activity.

UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments - but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells from Exchange Server deployments compromised in the Hafnium attacks.

PlexTrac, a company that provides information security management solutions for security teams, last week announced closing a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group, with participation from StageDotO Ventures. Founded in 2016, the Boise, Idaho-based company aims to bring red and blue teams together - in what is called purple teaming - allowing them to collaborate in real time on cyberattack simulations.

Pakistan shut down several social networks within its borders on Friday but lifted the ban after around four hours. The Register understands the ban covered Facebook, Twitter and YouTube, plus messaging services WhatsApp, and Telegram.

While developing a seamless and successful digital mindset with a security strategy is not a simple task, the effort is crucial for the health of a company. To help development teams write more secure code, companies must take measure of developers' existing security knowledge and workflows, as well as understand how security impacts their end users.