Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. More than ever, now is the time for organizations to prioritize data security. This week we look at some data security trends that are shaping the industry today. Illustration by Balaji KR A recent study conducted by RiskBased Security has labeled 2020 the worst year for data security with a shocking 36 billion records compromised, twice the number from 2019.

2020 was a lot of things. Unexpected. Tough. Frightening. Frantic. It was also revealing. Most CIOs were asked to enable ways of working and doing business that they had not considered necessary before. Others had maybe always known such moves were wise, but had never been able to dedicate the time, resource or budget to such endeavours. Or, ironically, had never been able to prove the business case. Either way, too many were caught under-prepared.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. The year kicks of with many strange events, and the continuing unraveling of the SolarWinds hack has moved on to other points in the supply chain. How far does this rabbit hole go?

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

In December 2020, the U.S government announced that it fell victim to what is believed to be the largest security breach in the nation's history. The breach occurred through an innocuous IT update from the Government's network monitoring vendor, SolarWinds. This monumental breach exposes a novel and powerful method of clandestinely penetrating even the most sophisticated security defenses through third-party vendors - supply chain attacks.

URL filtering is one of the most common types of web filtering techniques used by organizations to restrict the kinds of content that their users may access. URL filtering blocks users from loading questionable websites or hosted files via corporate device or network resources. The filter is triggered by comparing the URL address a user is trying to access against policy lists that specify whether to block, allow, and/or track visits to certain URL addresses.

Additionally, the Ezuri memory loader tool acts as a malware loader and executes its payload in memory, without writing the file to disk. While this technique is known and commonly used by Windows malware, it is less popular in Linux environments. The loader decrypts the malicious malware and executes it using memfd create (as described in this blog in 2018).

Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite these advancements, our recent State of Software Security (SOSS) report found that 76 percent of applications have security flaws.

The threat actor then gained a back door into the company’s Orion network management platform – used by over 300,000 organisations worldwide. Given the seriousness of the attack, its potential to affect customers across the SolarWinds supply chain and reports of espionage by nation state attackers, this is a story that is likely to have ongoing repercussions for organisations in 2021.