2021 and Risk - Cyber Security Informer

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

AUGUST 10, 2021

Microsoft said attackers have seized upon CVE-2021-36948 , which is a weakness in the Windows Update Medic service. Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. However, we strongly believe that the security risk justifies the change.

Software

Software Internet Internet Backups

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. So, how can you conduct a DLP risk assessment? What is a DLP Risk Assessment? Why Conduct a DLP Risk Assessment? Protecting sensitive data is what cybersecurity is all about.

Risk

Risk Cybersecurity Data breaches Cyber threats

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

eSecurity Planet

MARCH 24, 2025

Vulnerability analysis and exploit details The breach appears to be linked to a well-known vulnerability CVE-2021-35587 which affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. Beyond mass data exposure, there are heightened risks of credential compromise, corporate espionage, and potential extortion.

Risk

Risk Passwords Hacking Encryption

News alert: Aptori’s AI-driven platform reduces risk, ensures compliance — now on Google Marketplace

The Last Watchdog

MARCH 12, 2025

This new agentic AI solution leverages semantic reasoning to analyze application code and logic in real time, delivering deterministic vulnerability detection, contextual risk prioritization, and automated remediation. San Jose, Calif., Aptoris AI-driven approach goes beyond traditional static analysis. Users can learn more at [link].

Risk

Risk Engineering Digital transformation Technology

Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario

Daniel Miessler

APRIL 20, 2021

Casey also added that Acceptable Risk would be being willing to get punched in the face. threat actor = someone who wants to punch you in the face threat = the punch being thrown vulnerability = your inability to defend against the punch risk = the likelihood of getting punched in the face — cje (@caseyjohnellis) April 19, 2021.

Risk

Risk Information Security

2021 predictions: Quantifying and prioritizing cyber and business risk

Tech Republic Security

JANUARY 25, 2021

Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.

Risk

12 Online Resolutions for 2021

Adam Levin

DECEMBER 16, 2020

Here are 12 New Year Resolutions for a safer and more secure digital you in 2021: Think before you click that email link: 2020 was a record-breaking year for ransomware, malware, and phishing , and many, if not most of these attacks were launched with the click on a link in an email. It’s not worth the risk.

VPN

VPN Antivirus Passwords Backups

Security and Human Behavior (SHB) 2021

Schneier on Security

JUNE 4, 2021

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself.

Risk

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

The top reason, chosen from a proved list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Context of risk. The Ukraine-Russia war is a grim example of geopolitical risk intersecting with cyber security risk. Cyber in a silo?

Cyber Risk

Cyber Risk Risk Marketing Data privacy

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

The Last Watchdog

DECEMBER 16, 2021

In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. Related: The targeting of supply chains. In 2022 we expect to see more aggressive and complex ransomware efforts. Central importance of identity.

CISO

CISO Ransomware Risk Authentication

Gartner: Top security and risk management trends for 2021

Tech Republic Security

MARCH 23, 2021

The 8 top trends cited will enable rapid reinvention, including the skills gap, cybersecurity mesh and identity-first security.

Risk

Risk Cybersecurity

Opportunities and risks of AI coding assistants

BH Consulting

DECEMBER 6, 2024

This blog will explore the advantages and risks these AI tools bring, along with actionable steps to integrate them responsibly into business practices. Key security and privacy risks Despite these benefits, there are inherent risks in relying on AI coding assistants. Establish an AI usage policy.

Risk

Risk Data privacy Information Security Software

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. Use Privileged Access Management (PAM) solutions.

Ransomware

Ransomware IoT Encryption Social Engineering

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. You’ll significantly reduce your risk if you enforce a minimum security bar for all devices accessing your data. Ransomware? I think you may have heard of it, isn’t the news full of it? Related: Make it costly for cybercriminals.

Ransomware

Ransomware Risk Internet Internet

Upcoming Speaking Engagements

Schneier on Security

SEPTEMBER 14, 2021

This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live —an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity Magazine EMEA Autumn Online Summit on September 21, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in Plano, Texas, USA, September 22-23, 2021.

Data privacy

Data privacy Cyber Risk Risk Cybersecurity

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

. “According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures.”

Hacking

Hacking Risk Cybersecurity Government

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. High-risk vulnerabilities can cause errors in applications and affect customers’ business. More than a third (39%) used the microservice architecture.

Passwords

Passwords Authentication Architecture Risk

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

DECEMBER 2, 2021

In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 In the end, the issue is clear — our data is at risk. billion this year. This emerging technology can stop unauthorized data removal, disable any attacks and stop data theft extortion before damage is done.

Ransomware

Ransomware Technology Cybersecurity Backups

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

. “These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. Violators risk penalties, with sanctions aimed at encouraging behavioral change rather than punishment.

Cybersecurity

Cybersecurity IoT Hacking Technology

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

With RSA Conference 2021 technical sessions getting underway today, I sat down with Fred Kneip, CEO of CyberGRX , to hash over the notion that a lot of good could come from more systematic sharing of the risk profiles that large enterprises routinely compile with respect to their third-party contractors. Crowdsourcing risk profiles.

Risk

Risk Cyber Risk Insurance Banking

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. government military which country will not hand me over” -“U.S. million customers. .”

Hacking

Hacking Government Identity Theft Accountability

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

We caught up with The Manipulaters again in 2021, with a story that found the core employees had started a web coding company in Lahore called WeCodeSolutions — presumably as a way to account for their considerable Heartsender income. “Presumably, these buyers also include Dutch nationals.

Phishing

Phishing Cybercrime Advertising Malware

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

2021 saw a massive increase in phishing attacks , and that trend has continued into 2022. With more and more people working remotely, unsecured home or public WiFi networks represent a security risk not only to individuals but to their companies as well.

Risk

Risk Cybersecurity Antivirus Phishing

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

The Last Watchdog

DECEMBER 9, 2021

In 2021 we witnessed the continuation of the seismic shift in how people work, a change that started at the beginning of the global pandemic. The acceleration of cloud, mobility, and security initiatives proved to be critical for organizations looking to weather the new threats and disruptions.

Mobile

Mobile IoT Cybersecurity Digital transformation

Zero-Day Vulnerabilities Are on the Rise

Schneier on Security

APRIL 27, 2022

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014.

Ransomware

Ransomware Risk Malware Hacking

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. CVE-2024-8357 : Lack of root of trust in App SoC, risking persistent attacker control by bypassing boot security checks. ” reads the advisory.

Hacking

Hacking Firmware Software Manufacturing

SSRF Exploitation Surge Highlights Evolving Cyberthreats

eSecurity Planet

MARCH 12, 2025

This alarming trend highlights the persistent risks that organizations face from evolving attack methods. Attackers have been leveraging vulnerabilities such as: CVE-2020-7796 affecting the Zimbra Collaboration Suite CVE-2021-21973 and CVE-2021-22054 impacting VMware products Multiple CVEs in GitLabs CE/EE versions.

Risk

Risk Software Cybersecurity

How to protect your business and its data during the 2021 holiday season

Tech Republic Security

DECEMBER 9, 2021

Here's what businesses can do to protect themselves from elevated holiday cybersecurity risks. It's the first year of major holiday travel in the post-pandemic remote work world.

Risk

Risk Cybersecurity

The Most Common DNS Security Risks in 2024 (And How to Mitigate Them)

Heimadal Security

JULY 30, 2024

DNS security risks are everywhere, and the stats show it too. A 2021 IDC survey of over 1,100 organizations across North America, Europe, and the Asia Pacific revealed that 87% had encountered DNS attacks. The average cost per attack was approximately $950,000 globally, rising to about $1 million for organizations in North America.

DNS

DNS Risk

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. As such, analysts are hit with a deluge of low-quality alerts, increasing the risk of missing genuine threats. We can only hope that they do.

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

Report Unveils Cybersecurity Leaks in U.S. Drinking Water Systems

SecureWorld News

NOVEMBER 18, 2024

Among the key findings: Widespread vulnerabilities: The OIG's passive assessment revealed critical or high-risk vulnerabilities in 97 drinking water systems serving more than 26.6 According to a 2021 report by the Water Sector Coordinating Council (WSCC) , the majority of the 52,000 drinking water systems in the U.S. million people.

Cybersecurity

Cybersecurity Risk Penetration Testing Technology

Weekly Update 252

Troy Hunt

JULY 15, 2021

References Chrome is continuing the push towards defaulting to HTTPS and flagging HTTP as a security risk (I'm yet to hear a single good argument against their approach, but I've heard lots of bad ones!) Only Vendor with 100% recommendation.

IoT

IoT Risk

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk. This significantly reduces the risk of unauthorized access. Employee training and awareness: Human error is a leading cause of security breaches.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

AMOS and Lumma stealers actively spread to Reddit users

Malwarebytes

MARCH 18, 2025

It already reached its end of life in December 2021 and no longer receives official security updates, making it prone to exploitation and compromise. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline. Upon checking that website, we can see that it leaks its PHP version (7.3.33).

Cryptocurrency

Cryptocurrency Malware Scams Antivirus

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Malwarebytes

DECEMBER 9, 2024

de Vries in 2021. Privacy risks should never spread beyond a headline. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted for the murder of Dutch journalist Peter R. Although I appreciated the hint of the splash page to the media franchise The Matrix.

Encryption

Encryption VPN Media Marketing

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with Conti ransomware on May 14, 2021.

Healthcare

Healthcare Ransomware Antivirus Hacking

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk

Risk DDOS Data breaches Encryption

3D Printing with Kids on Lenovo Yoga 7i

Troy Hunt

AUGUST 5, 2021

pic.twitter.com/iQcIMplt4s — Troy Hunt (@troyhunt) January 6, 2021 I'd always liked the idea of a 3D printer, but I had absolutely no idea where to start. Here's where it all started: Looking at a mate’s Prusa i3 printer and getting a bit tempted, what are folks using out there for hobby projects?

Education

Education Technology Software Retail

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

The Last Watchdog

JANUARY 27, 2022

Merger and acquisition (M&A) activity hit record highs in 2021, and isn’t expected to slow down anytime soon. Throughout this period, the risk level of the acquirer is much higher than the acquired company, creating a major cybersecurity gap as they merge their tech stack and security tools together. Post-Close Risks.

Marketing

Marketing Data privacy Risk Accountability

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The security breach poses a major national security risk. The carrier suffered multiple data breaches in the last years, the last one in order of time took place in December 2021 when it disclosed a data breach that impacted a “very small number of customers” who were victims of SIM swap attacks.

Mobile

Mobile Telecommunications Data breaches Hacking

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A single mistake can pose a significant risk to infrastructure and to the public. In 2021, for example, hackers attempted to manipulate the chemical levels in a Florida water treatment plant by breaching remote access systems. Change your encryption keys periodically to reduce the risk of keys being exposed.

IoT

IoT Firmware Encryption Authentication

Adversarial Machine Learning and the CFAA

Schneier on Security

JULY 23, 2020

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities.

Risk

Risk Hacking

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

OCTOBER 15, 2024

The American Water cyber breach underscores the risk of cyber threats in various sectors traditionally seen as less vulnerable compared to industries like finance or healthcare. 7 How To Avoid Such Cyberattacks Utility companies, like American Water, face increasing risks from cybercriminals.

Cybersecurity

Cybersecurity Penetration Testing Cyber threats Firewall

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl — Jón Ólafs (@jonolafs) March 3, 2021 Awesome! pic.twitter.com/iHxgFeg9GN — Troy Hunt (@troyhunt) March 10, 2021 That's not including all the queries against the freely downloadable data either so really, I have no idea how much it's used.

Passwords

Passwords IoT Password Management Data breaches

Microsoft Patch Tuesday, August 2021 Edition

From Risk Assessment to Action: Improving Your DLP Response

Trending Sources

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

News alert: Aptori’s AI-driven platform reduces risk, ensures compliance — now on Google Marketplace

Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario

2021 predictions: Quantifying and prioritizing cyber and business risk

12 Online Resolutions for 2021

Security and Human Behavior (SHB) 2021

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

Gartner: Top security and risk management trends for 2021

Opportunities and risks of AI coding assistants

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Upcoming Speaking Engagements

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Top 10 web application vulnerabilities in 2021–2023

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

Zero-Day Vulnerabilities Are on the Rise

Mazda Connect flaws allow to hack some Mazda vehicles

SSRF Exploitation Surge Highlights Evolving Cyberthreats

How to protect your business and its data during the 2021 holiday season

The Most Common DNS Security Risks in 2024 (And How to Mitigate Them)

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Report Unveils Cybersecurity Leaks in U.S. Drinking Water Systems

Weekly Update 252

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

AMOS and Lumma stealers actively spread to Reddit users

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Inside Ireland’s Public Healthcare Ransomware Scare

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

3D Printing with Kids on Lenovo Yoga 7i

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

Adversarial Machine Learning and the CFAA

American Water Shuts Down Services After Cybersecurity Breach

Home Assistant, Pwned Passwords and Security Misconceptions

Stay Connected