Audio-based social app Clubhouse has allegedly suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service. The app, which launched in March 2020, has quickly gained popularity, raising $100 million in funding in January.
Digital Shadows highlighted the growing role of Initial Access Brokers within the criminal ecosystem within its Initial Access Brokers Report. Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups.
Reddit has named Allison Miller as Chief Information Security Officer (CISO) and VP of Trust. An industry expert and innovator, Miller will oversee the Safety and Security teams at Reddit where she’ll be responsible for expanding trust & safety operations and data security, as well as evolving programs to mitigate security challenges and risks. Miller will also redesign Reddit’s trust frameworks and transparency efforts to enable further growth across the platform.
Sequoia Capital, one of the largest and most successful venture capital firms in the world, has told its investors that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished, according to an Axios report.
Positive Technologies expert Egor Dimitrenko discovered a high-severity vulnerability in the VMware vSphere Replication data replication tool. This solution allows organizations to create backups of virtual machines and run them if the main virtual machine reports a failure. The bug could have allowed attackers with access to the VMware vSphere Replication administration web interface to execute arbitrary code on the server with maximum privileges and start lateral movement on the network to seize control of the corporate infrastructure.
International SOS recently released its Risk Outlook report, unveiling the top security risks for the international workforce in 2021. Here, we talk to Jeremy Prout, Director of Security at International SOS, to discuss how to protect the workforce against the top risks found within the report.
Nuspire announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.
Accurics unveiled its latest research, “Accurics Cloud Cyber Resilience Report,” which highlights security risks identified in cloud native environments. The findings reveal an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks. Of all violations identified, 23% correspond to poorly configured managed service offerings – largely the result of default security profiles or configurations that offer excessive permissions.
2020 and COVID-19 taught us a few things in the security industry: the importance of security awareness, speed of deployment is not always a good thing, and assuming new levels of risk such as “remote work force”. With so many challenges still on the horizon, here are some of the key topics to have on top of mind:
As the cybersecurity community slowly recovers from the SolarWinds Orion breach, we speak to Michael Bahar, a leader in cybersecurity and privacy, about the aftermath of this attack. Bahar is a partner in the Washington D.C. office of Eversheds Sutherland (U.S.) LLP, and the firm’s Litigation practice. He was Deputy Legal Advisor to the National Security Council at the White House, former Minority Staff Director and General Counsel for the U.S. House Intelligence Committee, and a former Active Duty Navy JAG.