Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For a while, privacy in Q2 was looking like it would follow the season’s idiomatic rule: in like a lion, out like a lamb. But it came roaring back in June with a new U.S. state law, EU adequacy decisions, a new EU data transfer mechanism, and more. As we look back over the second quarter of 2021, several important developments are worth noting.

Hackers have gained access to the personal data of 50m T-Mobile customers. Cybercriminals are reportedly offering access to some of the data in return for a fee of 6 bitcoin, or $270,000. The cause of the breach is unclear, but this follows a string of breaches for T-Mobile in recent years, after an incident in December 2020 that leaked the call records of around 200,000 customers.

Egnyte now offers email scanning and classification of Microsoft Online Exchange emails and attachments. This is a critical capability for organizations that need to deploy consistent document classification and governance across all documents, whether they exist in an Egnyte cloud repository, with other cloud providers, or on premises.

Business owners whose revenue streams depend significantly or partially on government contracts have been recently faced with the mandatory emerging regulations called Cybersecurity Maturity Model Certification, also known as CMMC. All organizations working with the Department of Defense (DoD) and Federal government as their prime or subcontractors must be audited against these requirements by a competent third-party CMMC auditor.

Canary deployment is a risk mitigation strategy for software releases. it allows applications developers to limit the damage caused by the release of faulty software updates and roll back such faulty updates quickly and safely without compromising the entire software assets.

On July 14, 2021, WooCommerce issued an emergency patch for a critical vulnerability allowing an unauthenticated attacker to access arbitrary data in an online store’s database. WooCommerce is one of the most popular e-commerce platforms in the world and is installed on over five million websites. Additionally, the WooCommerce Blocks feature plugin, which is installed on more than 200,000 sites, was affected by the vulnerability and was patched at the same time.

Launched in September 2019 and formerly known as 'ABCD', LockBit is a ransomware-as-a-service (RaaS) threat that was updated in June 2021 and improved on the group’s earlier claims of having the fastest encryption process on the ransomware scene (Figure 1). Much like other RaaS offerings, LockBit operates an affiliate profit sharing program in which up-to eighty percent of a ransom payment can be earned whilst the operators claim the remainder.

Today’s enterprise operations involve the coordination of several different digital ecosystems but none quite so inflamed as the cybersecurity ecosystem. Technology has been evolving at a rapid pace, and attackers are armed with advanced tactics to steal data and expose secure information. In response, cybersecurity teams deploy numerous tools and solutions to prevent and mitigate these attacks.