5 New cybersecurity threats and challenges facing the financial services sector

It’s been a mixed year for the financial services sector. Some companies have seen increased demand for their services, while others have struggled to deal with the downturn in mortgage deals and reduced consumer spending. At a more granular level, many financial services companies have also had to deal with new ways of work, including … Continue reading 5 New cybersecurity threats and challenges facing the financial services sector

Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices. In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services … Continue reading Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

Hackers leak stolen Pfizer COVID-19 vaccine data online

The European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. EMA is a decentralized agency responsible for reviewing and approving COVID-19 vaccines, as well as for evaluating, monitoring, and supervising any new medicines introduced to the EU. "The ongoing investigation of … Continue reading Hackers leak stolen Pfizer COVID-19 vaccine data online

United Nations data breach exposed over 100k UNEP staff records

Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated with … Continue reading United Nations data breach exposed over 100k UNEP staff records

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Austin, Texas-based SolarWinds disclosed this week that a compromise … Continue reading Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security