Media coverage - 2021

Apple announced it will start enforcing a new privacy notification rule that digital advertising firms such as Facebook have warned will hurt their profits. According to a Reuters report, the notices will be mandatory when its iOS 14.5 operating system becomes available. The notices will require an app developer to ask a user's permission before the app can track activity across companies' apps and websites.

According to a new report, communication platforms have allowed attackers to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.

Researchers on Wednesday reported that as the pandemic continued this past year, threat actors adjusted to employee reliance on new communications technologies such as Slack and Discord and launched targeted malware attacks on those platforms.

Gregory Cardiet, our Sr. Director of security engineering, discusses how the latest SolarWinds incident has served as a wake up call for organizations to be vigilant against supply chain attacks.

Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.

Our CEO, Hitesh Sheth, says that SolarWinds should be remembered as a trigger for companies to improve their security posture and be prepared for that inevitable breach. He believes that the current state of cybersecurity incident response needs to change from focusing on prevention to instead focus on preparedness.

More than a half-billion Facebook users had their personal information leaked in the latest reported breach that has brought attention back to the social media giant's poor record of protecting users' data and privacy.

PCAP, or full packet data capture for analysis, does what it says – it captures the entirety of every packet that comprises the network traffic (both metadata and content). If something happens on the network, PCAP knows about it. Whether it is malware moving data around, or staff arranging a private party, it can be captured and then analyzed.

Account takeover in Office365 is said to become the largest security threat in the cloud. Vectra acknowledges this and in an interview with Security MEA, Ammar Enaya, regional director – Middle East, Turkey & North Africa (METNA) at Vectra AI elaborates some of the key points related to cyber-attacks and Office 365.

CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSER—to investigate whether their Microsoft Exchange Servers have been compromised.

Underscoring the continued potential threat from the recently discovered exploitation of vulnerabilities in Microsoft Exchange Servers, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to take a number of actions to shore up security, including immediately scanning the servers for malware.

Recent breaches have underscored the dangers of overprivileged user accounts and software processes, highlighting the need for companies to discover and mitigate the privileged accounts that could be used by attackers to further compromise important systems and applications.

More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.

CISA encourages all organizations to fix Microsoft Exchange vulnerabilities in the wake of massive exploitation campaigns targeting the software. Tim Wade from Vectra discusses how CISA has instructed organizations with insufficient cybersecurity expertise to fully disconnect their on-premises Exchange infrastructure instructions for rebuilding and reprovisioning are provided.

The Cybersecurity and Infrastructure Security Agency is ordering federal executive branch agencies to rescan and recheck their networks by Monday for any signs of compromise related to unpatched vulnerabilities in on-premises Microsoft Exchange email servers. In addition, the agencies have until June 28 to implement CISA's recommended steps to harden their infrastructure against attacks.

Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary’s emails, among others. The SolarWinds cyberattackers compromised the head of the Department of Homeland Security (DHS) under former president Trump and other top-ranking members of the department’s cybersecurity staff, according to a report.

Suspected Russian hackers managed to access the emails of Donald Trump’s last Department of Homeland Security (DHS) chief, in an intelligence coup for the Kremlin, according to a new report. Email accounts belonging to then-acting secretary Chad Wolf were reportedly compromised by attackers during the months-long campaign, although it’s not clear what information was taken. Email accounts belonging to cybersecurity staff whose job it was to tackle foreign cyber-threats were also apparently affected.

The latest confirmed victim in the now infamous SolarWinds Worldwide hack is reported to be the U.S. Department of Homeland Security, as email accounts belonging to the then-DHS head and cybersecurity staff were breached.

Two high-ranked Apex Legends players have been banned from the platform for cheating by launching distributed denial-of-service (DDoS) attacks on an Xbox server. The players, who had achieved the rank of “Apex Predators” in the console version of the game haven’t been named, but the whole thing went down publicly on Reddit’s r/apexlegends forum over the weekend.

Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of homeland security (DHS) and members of cybersecurity staff whose jobs included hunting threats from foreign countries, the Associated Press (AP) has learned.

Les failles de sécurité Proxylogon, qui touchent les serveurs de Microsoft Exchange, ont ouvert la voie à des cyberattaques ciblées, telles que le spear phishing ou le déploiement de rançongiciels, malgré le correctif de sécurité apporté en urgence. Entreprises et collectivités locales restent très vulnérables.

Slack rolled out a new cross-organizational direct messaging feature, and hours later disabled the option to send a message alongside an invite due to concerns that the feature could be used to send abusive messages or enable harassment. Our CTO, Oliver Tavakoli, shares his thoughts.

Messaging platform provider Slack Technologies Inc. has partially rolled back a new direct-message feature hours after launching it due to concerns that it could be used for harassment. Oliver Tavakoli, our CTO, shared that when a collaboration platform adds features which extend beyond a single organization’s boundary, a complex set of issues inevitably arises.

Business communications platform Slack rushed to take action on Wednesday after customers raised security-related concerns regarding a new feature that allows users to send direct messages to any other Slack user.

The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.