Security News > 2021

The SolarWinds cyberattackers compromised the head of the Department of Homeland Security under former president Trump and other top-ranking members of the department's cybersecurity staff, according to a report. With Sunburst embedded, the attackers were then able to pick and choose which organizations to further penetrate, in a massive cyberespionage campaign that has hit nine U.S. government agencies, tech companies like Microsoft and 100 others hard.

The Internal Revenue Service is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. "The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions," the US revenue service warned.

The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion's File Transfer Appliance file sharing service. Last week, Shell revealed that it was one of the organizations affected by the Accellion cyber-attack, confirming that attackers were able to steal both corporate data and personal information pertaining to its employees.

CloudLinux announced the general availability of AlmaLinux OS, the open source enterprise-grade Linux distribution created as a replacement for CentOS. The new operating system is released in a stable version and is ready for production workloads. The AlmaLinux project named Jack Aboutboul as community manager of AlmaLinux.

Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. The threat actor who put the allegedly stolen data up for sale also created a search portal to allow anyone to check if their data is included in the stolen data.

Some jokingly said the cryptic tweet, ";l;;gmlxzssaw," was a US nuclear launch code. Now the US Strategic Command, which runs the country's powerful nuclear weapons force, says the enigmatic posting on its Twitter account in fact came from the hands of a precocious kid.

There are still way way to many people not listening and whilst they think they msy never come to harm They forget their behaviours result in harm comming to others. So if you can stand there with the plaintext in front of you then so can somebody else who is not someone you can trust now or in the future even if they have been trustworthy in the past.

According to a new Security Signals report released Tuesday by Microsoft, a whopping 80 percent of businesses reported "At least one firmware attack" in the past two years but only 30 percent allocated any budget spend on firmware protection. Businesses aren't paying close enough attention to securing this critical layer, says David Weston, Microsoft partner director of OS security.

President Joe Biden on Monday sent a letter to the House of Representatives and the Senate to extend an executive order regarding sanctions issued in response to cyberattacks. Executive Order 13694, issued in 2015 by president Barack Obama, enables authorities to block the property of entities engaging in "Significant malicious cyber-enabled activities."

Last year's abrupt transition to working from home shifted certain security objectives in order to protect all the new remote endpoints. Fileless malware attacks have grown in popularity largely due to their ability to evade detection by traditional endpoint protection.