Security News
The United States National Security Agency has released its 2020 Cybersecurity Year in Review report, which summarizes the NSA Cybersecurity Directorate's first full year of operation. The Cybersecurity Directorate remained true to its goal throughout 2020, the report claims, working to prevent and eradicate cyber threats through combining threat intelligence and cryptography knowledge with vulnerability analysis and defense operations.
Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents. Dassault Falcon Jet is the US subsidiary of French aerospace company Dassault Aviation which designs and builds military aircraft, business jets, and space systems.
President-elect Joe Biden has reportedly tapped the National Security Agency's cybersecurity director to serve in a brand-new cyber-role on his National Security Council. Sources told Politico that Neuberger will thus be in charge of coordinating cybersecurity across the federal government's agencies and departments.
Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports. The New York Times and Reuters reported on Wednesday that cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal.
It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports. The New York Times reported over the weekend that the SolarWinds supply chain attack is believed to have impacted as many as 250 government agencies and businesses.
United Kingdom's Information Commissioner's Office has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. The UK independent authority urged organizations using compromised versions of the SolarWinds Orion IT management platform to check for evidence of attackers infiltrating their network and gaining access to personal information.
Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, with critical issue reports recording a 65% jump. This year, submissions for vulnerability submissions through Bugcrowd recorded a 50% increase, while for Priority 1 reports there was a growth of 65%. Web apps remain in the hackers' top preferences, although they are diversifying the targets to stay competitive.
The U.S. Department of Homeland Security, plus the Treasury and Commerce departments, have been hacked in an attack related to the FireEye compromise last week, according to reports. SolarWinds acknowledged the bug in an advisory over the weekend, saying that exploitation of the issue must be done in a "Narrow, extremely targeted, and manually executed attack," and was likely the work of a nation-state.
Report finds that over half the malware attacks in Q3 could bypass signature-based malware protection. WatchGuard's latest Internet Security Report finds that cybercriminals shifted their focus to network attacks and sending malware over encrypted channels during the third quarter.
Complimenting our focus is a Threatpost eBook Healthcare Security Woes Balloon in a Covid-Era World that neatly packages our complete in-depth report on the topic. Threatpost's eBook examines these inherent security challenges, as well as how COVID-19 has drastically reshaped the healthcare space over the past year when it comes to security risk.