Security News > 2021

How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director
2021-04-09 10:02

Increasing numbers of senior ex-GCHQ people have called for laws preventing businesses using cyber insurance to buy off ransomware attackers - with the money merely perpetuating the criminals' business model. Marcus Willett, a senior cyber adviser with the International Institute for Strategic Studies and former GCHQ director of cyber, wrote at the end of March that the world needs "New laws establishing disincentives to pay ransoms to cyber criminals."

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration
2021-04-09 08:46

Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco's Talos division report. Attackers leveraged these platforms to deliver lures and infect victims with ransomware and other malware.

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business
2021-04-09 07:37

Even though the model is tiered, organizations will expend a significant effort to ensure they align with the compliance level appropriate for their contracts. This is why one XDR provider has created a new guide to demonstrate how it helps organizations achieve CMMC compliance.

April 2021 Patch Tuesday forecast: Security best practices
2021-04-09 05:26

March kept us all very busy with the ongoing out-of-band Microsoft updates for Exchange Server and the printing BSODs, which have plagued us since last Patch Tuesday. The Forum of Incident Response and Security Teams is an international organization that provides best practices and assistance when dealing with a security incident.

New infosec products of the week: April 9, 2021
2021-04-09 05:15

The new solution will help increase visibility, enable compliance and enhance security for containerized applications from build to production in public cloud and on-premises environments. nFront Weak Password Scanner helps orgs scan breached passwords.

India uses controversial Aadhaar facial biometrics to identify COVID vaccination recipients
2021-04-09 05:01

India's National Health Authority has commenced a pilot of facial recognition software as a means of identifying people as they queue in the nation's COVID-19 vaccine centres. The reason for using facial biometrics is simple: fingerprints or eyeball scans require touching equipment and getting close to machinery, both risky activities during the pandemic.

Having a cybersecurity training program in place isn’t enough to ensure cyber safety
2021-04-09 05:00

While 59% of employees received cybersecurity training from their companies in response to the COVID-19 outbreak, the survey uncovered that these initiatives have been insufficient. 59% of employees were trained on cybersecurity as a response to the work-from-home shift caused by COVID-19.

Researchers uncover a new Iranian malware used in recent cyberattacks
2021-04-09 04:58

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as its pattern of victimology.

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
2021-04-09 04:56

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10 and affects the RV110W VPN firewall and the Small Business RV130, RV130W, and RV215W routers. It allows an unauthenticated, remote attacker to execute arbitrary code on an affected appliance.

Cybersecurity threats and cybercrime trends of 2020
2021-04-09 04:30

Bitdefender released a report revealing top cybersecurity threats, frequency of threats and cybercrime trends of 2020. "Our 2020 findings depict consumers under constant assault from cybercriminals looking to capitalize on fear and societal uncertainty accompanying the global pandemic," said Bogdan Botezatu, director of threat research and reporting at Bitdefender.