Security News > 2021 > January

The U.S. National Security Agency on Friday said DNS over HTTPS - if configured appropriately in enterprise environments - can help prevent "Numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security, often referred to as DNS over HTTPS, encrypts DNS requests by using HTTPS to provide privacy, integrity, and 'last mile' source authentication with a client's DNS resolver," according to the NSA's new guidance.

WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. The Facebook-owned company has since repeatedly clarified that the update does not expand its ability to share personal user chats or other profile information with Facebook and is instead simply providing further transparency about how user data is collected and shared when using the messaging app to interact with businesses.

This year's Consumer Electronics Show was hampered by the pandemic, but that didn't stop an expert panel from convening to award this year's dubious CES 2021 Worst in Show honors in the context of gadget privacy and security. The awards were sponsored by the Repair Association and named the worst products from CES 2021 in the categories of privacy, security, ability to repair and environmental impact.

The 6 large-scale squid jigging vessels are normally operating vessels that returned to China earlier this year from the waters of Southwest Atlantic Ocean for maintenance and repair. These vessels left the port of Mawei on December 17, 2020 and are sailing to the fishing grounds in the international waters of the Southeast Pacific Ocean for operation.

Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw. Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. "Joker goes on a well-deserved retirement. Joker's Stash is closing," the post read. "When we opened years ago, nobody knew us. Today we are one of the largest cards/dumps marketplace[s]."

Signal is experiencing a partial outage as tens of millions of netizens flood the free secure messaging service. Those technical difficulties come as at least 30 million people joined the non-profit end-to-end encrypted communications platform in a matter of days this week.

Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files. Siemens and CISA have published one advisory for 18 vulnerabilities affecting Siemens JT2Go, a 3D viewing tool for JT data, and Teamcenter Visualization, which provides organizations visualization solutions for documents, 2D drawings and 3D models.

Review your recent Gmail access, browser sign-in history, and Google account activity to make sure no one other than you has used your account. The following steps can help you figure out if someone, other than you, is accessing your Gmail or Google account.

Canadian data security startup Qohash this week announced it raised CAD 8 million in Series A funding. Founded in 2018, the Quebec-based company provides customers with solutions focused on data discovery and classification, helping enterprises monitor data across their environments.