Security News > 2021

FedHIVE announced it became the first small-business provider to secure FedRAMP High Impact Baseline Provisional Authority to Operate for its Infrastructure-as-a-Service and Platform-as-a-Service capabilities. FedHIVE's FedRAMP authorization lowers barriers to entry for prospective contractors by facilitating market access and streamlines digital transformation by directly supporting the journey.

Elliptic Labs announced a collaboration with Cadence Design Systems to optimize its machine learning algorithms on Cadence Tensilica HiFi DSPs. Enabling Elliptic Labs to bring richer user experiences to end products while simultaneously reducing power consumption for energy-critical applications, this collaboration benefits customers in a wide range of markets, including smartphone, laptop, IoT and automotive. Elliptic Labs has deployed its AI Virtual Smart Sensors in over 150 million devices.

Entrust announces the integration of its nShield hardware security modules with Microsoft Double Key Encryption. Double Key Encryption for Microsoft 365 protects a company's highly sensitive data using two component keys - one key that is in the customer's control and a Microsoft key stored securely in Microsoft Azure.

CloudBlue has completed the acquisition and integration of Harmony Business Systems. Its comprehensive professional services automation and revenue management software is now a complement to CloudBlue's portfolio of services designed to simplify and accelerate resellers' transition to an everything-as-a-service business.

Wipro and Ampion's combined offerings, powered by engineering transformation, DevOps and security consulting services will bring scale and market agility to respond to the growing demands of customers. The acquisition of Ampion is an important step for Wipro in this direction, and strengthens the commitment towards clients and stakeholders in Australia and New Zealand.

Attacks against firmware are snowballing, outstripping many organizations' cyber-defenses, according to a survey from Microsoft. The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years - but only 29 percent of security budgets goes to firmware security.

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format.

Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers. Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 requested federal agencies to take the necessary steps to disconnect and update Exchange servers, the new directive demands agencies to accelerate the mitigation process.

A pair of unpatched vulnerabilities in QNAP small office/home office network attached storage devices could allow attackers to execute code remotely, according to a warning from security researchers at SAM Seamless Network. The bugs were found to affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446, but potentially impact other QNAP devices as well, provided they use the same firmware release.