Security News > 2021

The FBI arrested a Texas man on Thursday for allegedly planning to "Kill of about 70% of the internet" in a bomb attack targeting an Amazon Web Services data center on Smith Switch Road in Ashburn, Virginia. Seth Aaron Pendley, 28, was charged via criminal complaint on Friday morning for attempting to destroy a building using C-4 plastic explosives he tried to buy from an undercover FBI employee.

Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today. Pierre Fabre is the second largest pharmaceutical group in France and the second largest dermo-cosmetics laboratory globally.

The Swarmshop cyber-underground "Card shop" has been hit by hackers, who lifted the site's database of stolen payment-card data and leaked it online. Card shops, are online cybercriminal forums where stolen payment-card data is bought and sold.

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Pwn2Own is a bug bounty program with a twist.

Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how "Autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts." Reinforcement learning, Microsoft explains, is a type of machine learning that teaches autonomous agents to make decisions based on the interaction with the environment: agents improve strategies through repeated experience, similarly to playing a video game over and over to become better at it.

Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware. IcedID is a modular banking trojan first spotted in 2017 and updated to also deploy second-stage malware payloads, including Trickbot, Qakbot, and Ryuk ransomware.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments. Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection tool that was released in December 2020.

The American Society for Clinical Pathology disclosed a payment card incident that impacted customers who entered payment info on its e-commerce website. The Chicago-based association for medical professionals is the world's largest such organization for pathologists and laboratory professionals.

Nearly a third of Britons use the name of their pet or a family member as a password, the National Cyber Security Centre has said as it advised folk to adopt what looks very much like a Register forum user's suggestion for secure password generation. A survey of 1,282 British adults commissioned by the NCSC showed that 15 per cent used a pet's name while 14 per cent use the name of a family member as a password.

Last year, Gartner published a market guide on network detection and response. While technology evolves, and network and security professionals develop more sophisticated techniques to stop attacks, one thing remains true: Humans are still a big problem in the equation.