Security News

AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network, leaving enterprise customers exposed to malicious cyberattack.

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website. CNA is considered the sixth-largest commercial insurance company in the USA, according to the Insurance Information Institute, and offers a wide range of insurance products, including cyber insurance policies.

A former IT contractor has been sentenced to two years in prison after hacking into a company's server and deleting the majority of its employees' Microsoft Office 365 accounts. On Aug. 8, 2018, Kher then hacked into the company's server and deleted over 1,200 of its 1,500 O365 user accounts.

Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen. MangaDex is one of the largest manga scanlation sites where visitors can read manga comics online for free.

Following a performance audit conducted between September 2019 and March 2021, GAO has discovered that the electricity grid's distribution systems are increasingly vulnerable to cyber-attacks and that the potential impact of such attacks is not yet clear. After conducting semistructured interviews with 38 key federal and nonfederal entities associated with the cyber-security of grid distribution systems and reviewing reports from both DOE and the Department of Homeland Security and other relevant documentation, GAO has concluded that, in its plans to implement the national cyber-security strategy, DOE needs to fully address cyber-risks to the grid's distribution systems.

Cylera announced the company secured $10 million in Series A funding, led by Concord Health Partners and Maverick Ventures. With the Series A close, Cylera brings the company's total funding to $17 million with investment from Concord Health Partners, Maverick Ventures, Contour Venture Partners, Two Sigma Ventures, Dreamit Ventures, Great Oaks Venture Capital, Red Bear Angels and Samsung NEXT. "Over the past year there has been a further acceleration of the digitalization and adoption of IoT devices across hospitals, pharmaceutical companies, biotech, life sciences and manufacturing, which can decrease operational risk and increase efficiencies," said Timur Ozekcin, Co-founder and CEO of Cylera.

COVID-19 dominated everyone's lives throughout 2020 but a new report from cybersecurity company Trend Micro found that the pandemic was also the main theme of nearly 16.5 million threats and attacks launched against its customers. The report found that most of the COVID-19-themed attacks came from the countries hit hardest by the pandemic, with nearly 40% of the threats coming from the United States.

Pentest People has announced its new Red Team Assessment Service which is designed to help organizations to improve their defences against advanced persistent threats. In a routine penetration test, organizations commission Pentest People's cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom.

As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept whirlwind has started up. Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange servers.

Email scamming is still one of the most effective types of attacks in the coronavirus era, according to Kaspersky, since fear and anxiety are two of the most-exploited emotions for this kind of social-engineering attack. In 2020, delivery services entered the top ten most-spoofed organizations for these types of attacks, according to Kaspersky.