Security News > 2021 > February

Facebook has created a new screen in its iOS app that will urge people to allow it to continue stalking their online activities for targeted advertising. This is in response to Apple preparing to introduce a prompt that asks users whether or not they want to grant Facebook's software permission to track them when they use other apps and websites.

Megaport announced the addition of Rodney Foreman to the executive team in the newly created role of Chief Revenue Officer. Foreman will lead Megaport's global sales organisation and have responsibility for all revenue-generating programs.

Wind River Systems, which develops embedded system software, on Friday warned of a "security incident" that had exposed personnel records. Alameda, Calif.-based Wind River develops software for embedded systems, such as Wind River Linux, its embedded Linux development platform.

The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system. The decision follows concerns last month that as a result of the SolarWinds fiasco - in which suspected Kremlin spies gained access to the networks of multiple US government departments via backdoored IT tools - the court system itself may have been hacked, making Highly Sensitive Documents accessible.

Public 5G networks, private 5G networks, broader attack surfaces, and more complex environments add extra layers of vulnerability, expert says. We're actually going to see private 5G networks interacting with public 5G networks, but here's the rub: Not for benign use cases.

Advanced persistent threat group Lebanese Cedar has used its latest malware to compromise at least 250 public-facing servers since early 2020, researchers said. The group has added new features to its custom "Caterpillar" webshell and the "Explosive RAT" remote access trojan, both of which researchers at ClearSky Security said they linked to the compromise of the public servers, which allowed widespread espionage.

CISOs need to be more vigilant about building cybersecurity into projects from the beginning, one CISO says.

Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. The Office of the Washington State Auditor states that they suffered a data breach after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.

"In 2015, Juniper revealed a security breach in which hackers modified the software the company delivered to its customers," a Wyden statement read. "Researchers subsequently discovered that Juniper had been using an NSA-designed encryption algorithm, which experts had long argued contained a backdoor, and that the hackers modified the key to this backdoor." "The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company's software updates," the members wrote.

The U.S. Federal Trade Commission said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. "2020's biggest surge in identity theft reports to the FTC related to the nationwide dip in employment," the FTC said.