Documents on COVID-19 vaccines and medications - including some containing personal information - that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the internet.
A recently identified mobile remote access Trojan dubbed "Rogue," which exploits Google's Firebase development platform, targets Android devices to exfiltrate personal data and can deliver other malware, according to Check Point Research. The RAT is being offered for sale or rent in darknet forums.
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
A vulnerability in a GitHub repository belonging to the United Nations Environment Program exposed over 100,000 employee records, including personally identifiable information, contact details and other sensitive data, according to a group of independent security researchers. The flaw has been patched.
The "Sunburst" backdoor deployed in the breach of SolarWinds' Orion network monitoring tool uses some of the same code found in the "Kazuar" backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.
The "remote workforce" of 2020 is gone. Now we're talking about the new, permanent "branch office" - and it comes with its own unique set of cybersecurity concerns, says Derek Manky of FortiGuard Labs. He discusses new social engineering trends and how to respond.
The U.S. federal court system is investigating an "apparent compromise" of a confidential electronic filing system used for sensitive legal documents. Meanwhile, it has suspended its use of the hacked SolarWinds' Orion system and changed document security procedures while conducting an audit.
The U.S. Department of State has announced plans to create a Bureau of Cyberspace Security and Emerging Technologies to enhance its security and help it deal with international cybersecurity issues. But it remains to be seen if those plans will be carried out by the incoming Biden administration.
As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S. cybersecurity czar Chris Krebs and former Facebook CSO Alex Stamos as advisers.
From contact tracing to data transfer to the new California Privacy Rights Act, 2021 already is shaping up to be a big year for privacy. Trevor Hughes, CEO and president of the International Association of Privacy Professionals, offers a "state of privacy" overview.
Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls. A recently disclosed vulnerability in the company's firmware can create a hard-coded backdoor.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.