Security News

North Korean hackers tried to break into the computer systems of pharmaceutical giant Pfizer in a search for information on a coronavirus vaccine and treatment technology, South Korea's spy agency said Tuesday, according to reports. The impoverished, nuclear-armed North has been under self-imposed isolation since closing its borders in January last year to try to protect itself from the virus that first emerged in neighbouring China and has gone on to sweep the world, killing more than two million people.

Election systems in the U.S. are vulnerable to cyber intrusions similar to the one that hit federal agencies and numerous businesses last year and remain a potential target for foreign hacking, according to a report released Wednesday. The report by the Center for Internet Security, a nonprofit that partners with the federal government on election security initiatives, focuses on how hardware and software components can provide potential entryways for hackers.

Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. As Accellion FTA service is used by numerous government agencies, educational institutions, and companies, we have begun to see a wide-scale impact as companies report related data breaches.

Image: USCG. The U.S. Coast Guard has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack. "Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security."

Dating has been a lot tougher for singles since the onset of the COVID-19 pandemic, forcing many people onto dating apps to supplement the real thing. Most dating apps require users to enter a significant amount of information for safety purposes, but a new report from Mozilla has found that some of the most popular dating apps take a lot more data from you than you'd expect.

Despite all of this, less than 20% of 2020 security budgets were spent on Insider Risk - and more than half of organizations don't have a formal Insider Risk response plan in place. Forrester predicts that 1 in 3 data breaches in 2021 will stem from insiders, and the Code42 2021 DER found that 6 out of 10 IT security leaders believe insider threats will increase, or increase significantly, over the next two years.

You probably know that many companies these days have a way for bug hunters - some of whom make their living from figuring out out security holes in corporate websites and software - to report problems they've found, and potentially to get paid for their work. As haphazard as this sounds, bug bounty programmes usually follow a well-structured format, and professional bug hunters work carefully within well-defined limits while they're probing for holes.

The number of vulnerabilities discovered in industrial control system products in 2020 increased significantly compared to previous years, according to a report released on Thursday by industrial cybersecurity firm Claroty. According to Claroty, the number of ICS vulnerabilities disclosed in 2020 was nearly 25% higher compared to 2019 and close to 33% higher than in 2018.

There had been hints that a second group of malicious actors may have exploited a SolarWinds bug to install the Supernova backdoor - notably, there was a conclusion by Microsoft back in December that this was the case. That original effort used trojanized software updates for the SolarWinds Orion network-management platform to disseminate the Sunburst malware to SolarWinds customers in a supply-chain attack.

Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday. In late December, a few weeks after it came to light that Texas-based IT management solutions provider SolarWinds was targeted in a sophisticated supply chain attack, researchers from several organizations revealed that one of the pieces of malware they had analyzed, dubbed Supernova, had apparently been used by a second group that was not related to the supply chain attack.