Security News

Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. As Accellion FTA service is used by numerous government agencies, educational institutions, and companies, we have begun to see a wide-scale impact as companies report related data breaches.

Image: USCG. The U.S. Coast Guard has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack. "Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security."

Dating has been a lot tougher for singles since the onset of the COVID-19 pandemic, forcing many people onto dating apps to supplement the real thing. Most dating apps require users to enter a significant amount of information for safety purposes, but a new report from Mozilla has found that some of the most popular dating apps take a lot more data from you than you'd expect.

Despite all of this, less than 20% of 2020 security budgets were spent on Insider Risk - and more than half of organizations don't have a formal Insider Risk response plan in place. Forrester predicts that 1 in 3 data breaches in 2021 will stem from insiders, and the Code42 2021 DER found that 6 out of 10 IT security leaders believe insider threats will increase, or increase significantly, over the next two years.

You probably know that many companies these days have a way for bug hunters - some of whom make their living from figuring out out security holes in corporate websites and software - to report problems they've found, and potentially to get paid for their work. As haphazard as this sounds, bug bounty programmes usually follow a well-structured format, and professional bug hunters work carefully within well-defined limits while they're probing for holes.

The number of vulnerabilities discovered in industrial control system products in 2020 increased significantly compared to previous years, according to a report released on Thursday by industrial cybersecurity firm Claroty. According to Claroty, the number of ICS vulnerabilities disclosed in 2020 was nearly 25% higher compared to 2019 and close to 33% higher than in 2018.

There had been hints that a second group of malicious actors may have exploited a SolarWinds bug to install the Supernova backdoor - notably, there was a conclusion by Microsoft back in December that this was the case. That original effort used trojanized software updates for the SolarWinds Orion network-management platform to disseminate the Sunburst malware to SolarWinds customers in a supply-chain attack.

Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday. In late December, a few weeks after it came to light that Texas-based IT management solutions provider SolarWinds was targeted in a sophisticated supply chain attack, researchers from several organizations revealed that one of the pieces of malware they had analyzed, dubbed Supernova, had apparently been used by a second group that was not related to the supply chain attack.

Apps that tracked and sold people's whereabouts were more prevalent than perhaps first thought. A report out today has identified 450 Android apps downloaded 1.7 billion times that used SDKs to track the location of smartphones.

The U.S. Federal Trade Commission said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. "2020's biggest surge in identity theft reports to the FTC related to the nationwide dip in employment," the FTC said.