MuySeguridad Recaps (CXXI): Trellix, Data Breaches, Supply Chain

Don’t call it McAfee, don’t call it FireEye, call it Trellix. The name change of the new corporation that arises after the union of two of the computer security giants has been one of the news of the week and with which we start a new edition of our MuySeguridad Recaps.

This week we have also told you about the efforts that Samsung is making to strengthen the security of its devices and services, for which we have had the opportunity to interview its VP.

Also how the supply chain of companies has become one of the strategic targets for cybercriminals in 2021, in a trend that will continue to worsen throughout this year, or how denial of service attacks begin to include ransom demands. Let’s start!

Seungwon Shin (Vice President Samsung Electronics) “We are always looking for new ways to improve the security of our products and services”

Samsung Electronics is synonymous with technological innovation, a role that has led the company to become one of the most important groups in the sector. And not only because of its devices, although obviously these are usually the most visible face of the company. They also produce all kinds of components (from processors to screens) for other manufacturers, they open innovation paths that are then followed by other manufacturers and, of course, they take into account the safety of their products and services.

McAfee Enterprise and FireEye change names after their purchase and merger

Last year, McAfee Enterprise was sold to the investment fund Symphony Technology Group (STG) for $4 billion. Three months later, in June, STG also acquired FireEye for $1.2 billion.

After the operation, Symphony Technology Group began the process of merging both companies, which was completed in October, in addition to appointing Bryan Palma as CEO of the merger. But it has not been until now when the new name that the company resulting from the merger will have has been made public: Trellix.

Data breaches: we close 2021 with good news

Writing about data breaches, or about cybersecurity in general, can end up making one a bit pessimistic, because the profusion of news about attacks, increases in the use of certain techniques, effects of vulnerabilities… can be overwhelming.

However, it is not all bad news, and there are some that are, in fact, particularly positive. It is a great joy to be able to talk about them, as I am going to do next. And it is that, as we can read in The Last Watchdog, the statistics on data breaches for the last quarter of 2021 are exceptionally good.

Critical vulnerability in HTTP, patch Windows now!

It is no longer necessary, at this point, to mention the importance of the HTTP protocol in our day to day life, so in the face of a vulnerability, it is convenient to act at full speed.

Such is the case, as we have learned, with the vulnerability CVE-2022-21907, which affects the Windows HTTP network stack. This is what we can read on the page published by Microsoft to report this vulnerability and, at the same time, offer the necessary measures to mitigate the risk.

Attacks on the supply chain: The EU is put to the test

Supply chain attacks have become one of the most worrying threats. And it is that unlike other types of attacks, in which it is in our hands to establish all the security measures, in this case we can find ourselves exposed by the deficient security policies of third parties, which largely escape our control. control. And the problem is that, when it comes to IT, it is common to have a wide set of providers.

DDoS: ransom demand attacks are on the rise

Distributed denial of service DDoS attacks have been a constant on the Internet for many years. From time to time we hear that the record in the magnitude of such attacks has been broken, and for almost the entire year 2020 and part of 2021, we experienced a huge boom in the number of them.

And why have they grown in popularity since the pandemic? Well, as an unwanted effect of the teleworking boom. The potential impact of a DDoS attack on a business is much greater if its workforce is scattered due to lockdowns and quarantines. Cybercriminals are aware of the great impact that infrastructure downtime can have in this context and, consequently, they have decided to take advantage of it as much as possible. It is what has been called RDoS, Ransom Denial of Service.

How to strengthen Internet security to start the year off right

Maintaining security on the Internet is not an easy task in the midst of threats from all kinds of malware; software vulnerabilities; service violations and data leakage; fakes and disinformation campaigns; a galloping loss of the right to privacy and all kinds of attacks with Ransomware and Phishing as exponents, as you could see in the selection of the worst incidents of 2021.

And it is that the number of devices connected to the global network has grown exponentially, with everything that has come from mobility, home automation, smart cars or Internet of Things devices. If we add the pandemic and the transfer of millions of employees and students from professional networks to home networks (generally more insecure), we have a scenario that poses a challenge to stay safe from computer threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *