Security News > 2021

Japanese video game giant Capcom revealed on Tuesday that, as part of the November 2020 ransomware attack, adversaries targeted an older backup VPN device for initial access. "As described in previous announcements, none of the at-risk data contains credit card information. All online transactions etc. are handled by a third-party service provider on a separate system, and as such Capcom does not maintain any such information internally," Capcom says.

Despite the coronavirus pandemic, 2020 was a record year in terms of venture capital funding for cybersecurity companies, with more than $7.8 billion invested, according to a new report from business information platform Crunchbase. Data from Crunchbase shows that cybersecurity venture funding has been on an upwards trend over the past decade, with roughly 1,500 companies receiving funding since 2017, 58% of which were seed-stage and 32% were early-stage firms.

Continuing a decade-long run of high venture capital funding, 2020 proved to be a record year for cybersecurity investments with over $7.8 billion pouring into 665 deals globally. Driven by an increase in cybersecurity events during the COVID-19 pandemic, remote work, and companies moving operations online, cybersecurity funding in the U.S. increased 22% from 2019 to 2020, according to Crunchbase's Rise Of Global Cybersecurity Venture Funding report.

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. Of note, the U.S. National Security Agency released information on four critical Exchange Server vulnerabilities impacting versions released between 2013 and 2019.

Most educational organizations experienced phishing attempts, while 33% were victims of an account compromise attack, and 27% were hit by ransomware in 2020, according to a new report from cybersecurity vendor Netwrix. Fewer than half of non-education sector organizations experienced the same level of attack.

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.

Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day. Siemens on Tuesday published several advisories related to NAME:WRECK: one advisory to describe two out-of-bounds write flaws that can lead to code execution or DoS attacks, another advisory for a DNS cache poisoning issue, one advisory for two DoS vulnerabilities, and two advisories for the same four DoS and DNS cache poisoning flaws.

Conservative MP Tom Tugendhat has publicly claimed GCHQ sources told him Gmail was more secure than Parliament's own Microsoft Office 365 deployment - but both Parliament and a GCHQ offshoot have told him to stop being silly. "I was told by friends at GCHQ that I was better off sticking to Gmail rather than using the parliamentary system because it was more secure," Tugendhat told the BBC's Today Programme.

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. "Despite their in-DRAM Target Row Refresh mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said.

Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells for continued access.