Security News: March 2021

One option that is often touted is a zero trust model, in which access to critical resources is scaled back and granted only under specific conditions. Sponsored by CyberArk, "The CISO View 2021 Survey: Zero Trust and Privileged Access" report collected advice based on interviews with 12 top security executives from Global 1000 companies.

The applications attract users with a promise of a free 3-day trial, with an unusually high subscription fee attached. Once the trial is over, users are charged a recurring subscription fee - even if they deleted the app by that time - until they cancel the subscription in their device's app subscriptions settings.

Backblaze has removed Facebook tracking code accidentally added to web UI pages only accessible to logged-in customers. Backblaze discovered the issue after receiving user reports on March 21 that pages on the B2 web UI were sending file names and sizes to Facebook.

Microsoft on Wednesday announced that its bug bounty programs now also cover the desktop client of its Teams business communications platform. The tech giant is offering rewards for vulnerabilities in the Teams desktop client as part of its Application Bounty Program, which will feature additional app-related bounties in the future.

Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings.

BP Chargemaster, purveyors of sockets for electric vehicles, seemingly had its email domain hijacked by criminals who used formerly legitimate addresses to send banking trojans to customers. Register reader Matt received some emails from BP Chargemaster which he was certain didn't come from the company.

A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization. On discovering this GitHub repository which, the engineer says, was public since at least 2019, the engineer privately reported it to Apperta, and got thanked by them.

Threat data feeds can help organizations strengthen their cybersecurity posture, according to a report from the Ponemon Institute. As cyberthreats proliferate, many organizations are using threat feeds with insights from domain name system data to help IT security teams better understand threats and block malicious activity.

As Google security engineers pointed out, these mechanisms do not prevent the Spectre exploit, but rather "Protect sensitive data from being present in parts of the memory from which they can be read by the attacker." To further reduce the risk of data leakage, website owners should add an extra line of defense to protect the actual data in memory in the event that all other security controls.