Security News

About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security. On Wednesday, NordVPN released a report outlining the proliferation of smart devices and consumer sentiments regarding responsibility for protecting these devices.

The Cyberspace Administration of China has issued new, stricter vulnerability disclosure regulations that require software and networking vendors affected by critical flaws to disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks.

An Israeli firm accused of supplying spyware to governments has been linked to a list of 50,000 smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports Sunday. The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.

MI5's UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers. McCallum's view is, "For as long as it's cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information - they are bound to keep doing so." The UK house also needs to be got in order - and in both cases the call is for new and stronger legislation.

Palo Alto Networks' Unit 42 has probed the methods and tactics of the Mespinoza ransomware group, finding its messaging "cocky" and its tools blessed with "creative names" - but turned up no evidence to suggest the group has shifted to ransomware-as-a-service. The Mespinoza group, while not as prolific as the better-known REvil, has enjoyed considerable success from its activities: Unit 42's investigation showed victims paying up to $470,000 per incident to unlock their files, primarily from targets in the US and UK - including an attack on Hackney Council in October last year.

On Wednesday, Atlas VPN released a report using Identity Theft Resource Center data, outlining personal data breaches for the first half of 2021. "Millions of individuals and organizations are affected every day by cyberattacks that threaten to steal sensitive data. Even though more people have become aware of cyber risks, hackers develop new techniques and malware to stay ahead of defense technologies," reads a portion of the blog post written by William S., an Atlas VPN publisher and cybersecurity researcher.

Much to the derision of expert commentators on social media, the COVID-Status Certification Review details the government's approach to so-called vaccine passports and its response to concerns over their usage. "Any decision to require COVID-status certification will be a discretionary choice for individual organisations to make. However, it is possible that certification could provide a means of keeping events going and businesses open if the country is facing a difficult situation in autumn or winter," it said.

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.

Recognizing the importance of SaaS security, Gartner named a new category, SaaS Security Posture Management, to distinguish solutions that have the capabilities to offer a continuous assessment of security risks arising from a SaaS application's deployment. The results of the 2021 SaaS Security Survey Report present a picture of widespread SaaS application security concerns and uncover the less-than-best practices that organizations are turning to de facto while trying to manage the overwhelming number of SaaS security configurations.

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.