The Problem with Treating Data as a Commodity
2021-02-26 12:28

Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to "sell" it. Any system of information rights - whether patents, copyrights, and other intellectual property, or privacy rights - presents some tension with strong interest in the free flow of information that is reflected by the First Amendment.

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue
2021-02-26 11:58

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization. About two weeks later, Google software security engineer Chris Palmer marked the bug "WontFix" because Google has resigned itself to the fact that ASLR can't be saved - Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.

Unprotected Private Key Allows Remote Hacking of Rockwell Controllers
2021-02-26 11:54

Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation. The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Kaspersky, and industrial cybersecurity firm Claroty.

TikTok owner ByteDance to pay $92M in US privacy settlement
2021-02-26 11:44

TikTok's Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois privacy law. The federal lawsuit alleged that TikTok broke the Illinois biometric privacy law, which allows suits against companies that harvest consumer data without consent, including via facial and fingerprint scanning.

Half a million stolen French medical records, drowned in feeble excuses
2021-02-26 09:30

Here in France, we've just experienced the country's biggest ever data breach of customer records, involving some half a million medical patients. Data journalism couldn't be easier, and indeed the newspaper hacks have been on the beat, contacting the doctors listed in the file and phoning up some of the patients on their mobile numbers to ask how they feel about the data breach.

SolarWinds APM Integrated Experience delivers a single platform for navigation across the APM portfolio
2021-02-26 08:05

SolarWinds announced the APM Integrated Experience for the SolarWinds application performance management solutions - AppOptics, Loggly, and Pingdom - consolidating access to application performance metrics, traces, logs, and user experience into a common navigation experience for technology professionals. The new APM Integrated Experience helps reduce much of the complexity associated with modern APM by streamlining visibility into critical application and infrastructure performance and empowering tech pros with faster, easier troubleshooting.

Closing the data divide: How to create harmony among data scientists and privacy advocates
2021-02-26 06:25

Balancing data privacy within an organization is no easy task, particularly for data scientists who need quick access to data, and security and governance teams whose job it is to protect it. In typical cloud data architectures, there is no magic button for IT or data architects to gain instant access to the different data sets that are created by users across the enterprise and often distributed across different cloud services.

The rise of non-English language spear phishing emails
2021-02-26 06:00

In the past, most BEC emails have been written in English - meaning that defense systems can be tuned to recognise flag words and phrases written in this internationally recognized language. We have observed a rise in the number of BEC emails in recent months.

Massive rise in threats across expanding attack surfaces
2021-02-26 05:30

There was a massive increase in cyber threats globally year-over-year fueled by both the pandemic and expanding attack surfaces, Skybox Security reveals. New malware samples nearly doubled: New ransomware samples increased 106% year-over-year.

One in four people use work passwords for consumer websites
2021-02-26 05:00

The report found that one in four consumers admit to using their work email or passwords to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps. The report found that consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic.