Security News > 2021

Exploit acquisition company Zerodium announced last week that it's temporarily offering $300,000 for high-impact WordPress exploits. The company typically offers $100,000 for WordPress RCE exploits, the same amount as for Webmin, Plesk, and cPanel/WHM exploits.

Cybercrooks claim to speak from a higher authority than just a missed home delivery. Sometimes they masquerade as an official government body, complete with all the right logos, the right terminology and even a realistic-looking website carefully cloned from the real deal.

Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. Reacting to the development, the company however said it had recently upgraded its security systems following reports of "Unauthorized access into our database" while stressing that users' funds and securities remained protected.

Iran has admitted that one of its nuclear facilities went offline over the weekend, and a single report claiming Israeli cyber-weapons were the cause has been widely accepted as a credible explanation for the incident. Iran on Sunday published this announcement that said an "Accident" impacted the "Electricity distribution network" at its Natanz enrichment facility.

Behind the strategies and solutions needed to counter today's cyber threats are-dedicated cybersecurity researchers. What drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from around the world.

"Before my arrival at ManoMano, security was managed individually by each team at the company. There was no security team per se, no unique strategy and no clear security framework. Everyone's approach was very operational, which worked but kept the security stature at a level that was acceptable and functional," he told Help Net Security. "First of all, there had to be a focus on communication and open collaboration - I needed to listen and watch, understand the business challenges and security risks that were present at that time. Secondly, I focused on presenting a clear vision of the strategy across the business, laying out a concrete action plan with desired results. Finally, I immediately started thinking about the recruitment of new talent so we could build a smashing security team."

The reason? While many mission-critical cloud applications like Salesforce have security functionality built-in, they don't consider the levels of customization and complexity that organizations introduce while implementing these solutions. Security configurations: One of the most critical focus areas for Salesforce security is proper configurations.

Organizations have piled security controls upon security controls, and still remain largely blind to the most serious threats they face. Firewalls, vulnerability management and endpoint tools may offer a base layer of protection, but they are inherently weak without an added layer that includes analysis of daily exposures caused by configuration errors, exploitable vulnerabilities, mismanaged credentials and other common points of risk.

In this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence. You need to plan and invest both time and resources well ahead of time to make sure you're at the right position at the right time to collect intelligence.

There's an increasing need for process automation in IT Operations as a result of organizations' digital transformation initiatives to meet customer and employee demands, as well as remote and hybrid work policies brought on by the pandemic, according to a Transposit study. The report contains findings regarding the impact of remote work and digital transformation on service incidents and remediation.