Security News

A survey conducted recently by cybersecurity firm Fortinet showed that more than 90% of organizations that use operational technology systems have experienced some sort of cyber incident in the past year. Fortinet's 2021 State of Operational Technology and Cybersecurity Report is based on responses received in late February and early March from 100 people working for organizations with more than 2,500 employees in the manufacturing, energy and utilities, healthcare, and transportation sectors.

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cybersecurity norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

Accellion failed to notify customers of a zero-day vulnerability in its file transfer application and related cyber-attacks targeting the security flaw, according to a new report from professional services firm KPMG. FTA is a large file transfer service that was retired at the end of April 2021, after being in use for roughly 20 years. At the time of the attack, FTA still had roughly 50 customers, and some have already confirmed impact from the incident, including The Reserve Bank of New Zealand, the U.S.-based law firm Jones Day, the Office of the Washington State Auditor, and security and compliance solutions provider Qualys.

The U.S. National Security Agency used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service.

Imperva introduces a new data privacy solution to help organizations discover, identify and protect personal data in any on-prem, cloud, hybrid and multi-cloud environment. Today, more than 107 countries have enacted data privacy or protection laws including the right to be forgotten, the right to know what data they have, the right to rectify errors, and the right to port personal data.

Today, Cato Networks has released an analysis of approximately 200 billion traffic flows across its platform during Q1 2021, seeking anomalous behavior. "Blocking network traffic to and from 'the usual suspects' may not necessarily make your organization more secure," comments Etay Maor, senior director of security strategy at Cato Networks.

Users of video cameras from home gadget maker Eufy are reporting that their video feeds seem to have been getting mixed up. Apparently, it's not so much that anyone could sneakily log in as user X and snoop on X's video feed remotely.

British infosec accreditation body CREST has declared that it will not be publishing its full report into last year's exam-cheating scandal after all, triggering anger from the cybersecurity community. "The Report of the Independent Investigator contains information that was obtained in confidence and in line with both the terms of the Process and CREST's Complaints and Resolution Measures, the Report is confidential and cannot be made public," said CREST in an update published on its website late on 10 May, right before the CyberUK conference began.

Many security pros who do an excellent job of handling incidents find that effectively communicating the ongoing process to their management is a much more challenging task. Cynet addresses this gap with the IR Reporting for Management PPT template, providing CISOs and CIOs with a clear and intuitive tool to report both the ongoing IR process and its conclusion.

Colonial Pipeline Co., operator of the largest U.S. fuel pipeline, reportedly paid $5 million to criminals behind a ransomware attack that has sent fuel prices spiking up and down the East Coast. Sources familiar with the payout told Bloomberg that representatives of Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption tool that allowed the firm to restore its computer network disabled in last week's attack.