It’s that time of year again: WhiteSource’s annual State of Open Source Security Vulnerabilities for 2021 is here. Once again, when 2020 came to a close, our research team took a deep dive into the WhiteSource database to learn what’s new and what stayed the same in the ever-evolving world of open source security.

Intel 471 researchers have identified a new malicious document builder, dubbed “EtterSilent,” leveraged by various threat actor groups. One of the build options is a weaponized Microsoft Office document (maldoc) that uses malicious macros to download and execute an externally hosted payload. The maldocs pose as templates for DocuSign, a cloud-based electronic signature service.

Phishing exercises are an important tool towards promoting security awareness in an organization. Phishing is effective, simply because it works. However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test. Sometimes, the phish can be sent at a time of day that catches the recipient off-guard, which causes a person to click the malicious link.

With software supply chain attacks on the rise, are you wondering how you can recover quickly from the recent SolarWinds breach at your company? Months after its discovery, the devastating SolarWinds hack remains a top concern for business, government and IT leaders. This destructive supply chain attack put the spotlight on software development security — a critical issue for the DevOps community.

Bridging the gap between Security, Compliance and DevOps teams can be a challenging cultural shift to address. DevOps teams are eager to get software out faster and more efficiently, yet security best practices, like policy-as-code, need to be integrated from the outset to streamline the development process in this new cloud-native world.

Some of the most iconic brands started during crises. As documented in an Entrepreneur article, the Hyatt hotel franchise launched during the 1957-1958 economic recession. Microsoft was founded during the oil embargo in the mid-1970s, and several prominent tech brands, including Uber and Airbnb, were created during the Great Recession. For today’s entrepreneurs, the lesson is simple: Don’t let these uniquely disruptive times deter innovation. Many are already embracing this mindset.

Monitoring your on-prem and hybrid cloud infrastructure has always been important. With an ever-growing rise in cyber attacks, zero-day exploits, and insider threats, keeping track of your infrastructure has a renewed level of significance. Microsoft Exchange is one of the most prominent enterprise systems in use today, with both cloud and on-prem iterations.

The Oldsmar, Florida, water breach is two months behind us, but the lessons learned will continue to reverberate for thousands of budget-constrained municipal utilities in North America, as well as other regions across the world.

Over time technologies evolved and now things that seemed to be not possible several years ago become the reality. Now you can order food, services, and basically anything you need online, and pay for it without leaving home. No surprise here, that cash payments are becoming a relic of the past. Along with wireless payments like Google or Apple pay (that still require assigning a banking account or card i.e. physical currency), the cryptocurrencies like Bitcoin are getting widely used.