November 2021 - Cyber Security Minute

Wind Turbine Giant Vestas Confirms Ransomware Involved in Cyberattack

Issued by: Security Week

Vestas became aware of the breach on November 19 and it immediately started shutting down IT systems. Little information was provided when the attack was disclosed, but the company’s description of the incident suggested that it was a ransomware attack. In an update shared on Monday, Vestas confirmed that ransomware was indeed used and that…

Application Security

Source Code Security Firm Cycode Raises $56 Million

Issued by: Security Week

The investment, which brings the total raised by Cycode to $81 million, was led by private equity and venture capital firm Insight Partners, with participation from YL Ventures. The money will be used to fuel sales growth and accelerate product development. CycodeCycode offers a platform designed to address software supply chain security by providing visibility,…

Software Security

Hardware Security Firm Axiado Banks $25M Investment

Issued by: Security Week

The company is building a Trusted Control/Compute Unit (TCU) product that is being positioned as a new class of security processors that provide platform root-of-trust for large enterprise customers. Axiado, which employs approximately 40 in Silicon Valley, said the $25 million Series B investment brings the total raised to $40 million. The round was led…

Malware & Threats

‘Sabbath’ Ransomware Operators Target Critical Infrastructure

Issued by: Security Week

According to a warning from Mandiant, the group previously operated under the names of Arcane and Eruption and was observed last year deploying the ROLLCOAST ransomware. In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners…

Network Security

Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data

Issued by: Security Week

The attack, the Rockville, Maryland-based company says, likely happened in mid-November, when a ransomware group accessed data on certain systems, deployed malware to prevent access to files, and then threatened to leak the exfiltrated files. Despite that, Supernus Pharmaceuticals says it did not experience a significant impact on its business, as its operations were not…

Vulnerabilities

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

Issued by: Help Net Security

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…

Software Security

Products used by children are not nearly as privacy-protecting as they should be

Issued by: Help Net Security

Common Sense Media released a report examining kids’ privacy trends and practices of hundreds of popular technology companies and products over the last five years. The report is the culmination of evaluating privacy policy data from 200 of the most popular companies and products aimed at children and students. The report finds some improvements for…

Network Security

IoT Security: Are Personal Devices Dragging Your Work Network Down?

Issued by: Security Intelligence

How many connected devices have you added to your household since March 2020? Be sure to count fitness trackers, speakers, gaming machines and even your Tesla, if there’s one in your driveway. Were you one of the many people who waited months for a Peloton? Don’t overlook your new bike. Now add in all your…

Malware & Threats

Don’t Help Cybercriminals Dash With Your Customers’ Cash This Black Friday

Issued by: Dark Reading

The excitement of landing a Black Friday bargain will soon fuel online sales across the world. In the US alone, consumers are expected to drop a total of $148.5 billion on Black Friday and Cyber Monday, according to the latest survey data from Finder. In the rush, it’s easy to forget the fundamentals of online…

Software Security

How Sun Tzu’s Wisdom Can Rewrite the Rules of Cybersecurity

Issued by: Dark Reading

These millennia-old words of ancient Chinese military strategist Sun Tzu — to whom The Art of War is attributed — are still very relevant today. The best defense is to avoid an attack in the first place. With the right architecture and approach, it’s possible to shield your environment from the cybersecurity arms race so…