
Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape
2021-03-31 12:00

Researchers from Chinese cybersecurity company Qihoo 360 have earned another $20,000 from Google for a sandbox escape vulnerability affecting the Chrome web browser. Google informed Chrome users on Tuesday that an update for version 89 includes eight security fixes, including for six vulnerabilities reported by external researchers.

Fake jQuery files infect WordPress sites with malware
2021-03-31 11:55

Security researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites, which contain obfuscated code to load malware. Js and present at the exact locations where JavaScript files are normally present on WordPress sites but are in fact malicious.

The Often-Overlooked Element of a Hack: Endpoints
2021-03-31 10:19

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security. At a minimum, organizations therefore should deploy simple forms of endpoint security like anti-virus or anti-malware software across their entire fleet of devices.

(ISC)² calls for collaboration amongst UK Cyber Security Council membership and training bodies
2021-03-31 08:26

(ISC)² called for more and continued industry collaboration amongst membership and training bodies linked with cybersecurity skills and professional development. Doing so will bolster the cross-industry work that has built the new UK Cyber Security Council, as well as further collective efforts to advocate for members and greater industry awareness of cybersecurity trends and threats.

How Cybereason is reversing the adversary advantage
2021-03-31 08:00

Once an adversary is in your network, it's not always easy to detect them, especially with complex, tailored attacks. These include the use of fileless malware and living-off-the-land techniques, where attackers use everyday administrative tools to advance their attack against a targeted infrastructure.

Google Chrome for Linux is getting DNS-over-HTTPS, but there's a catch
2021-03-31 07:41

Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to the Chrome web browser for Linux. Yesterday, the open-source Chromium project, which powers the Google Chrome web browser, announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.

Decided to move on from your NGAV/EDR? A Guide for Small Security Teams to What's Next
2021-03-31 06:02

Like most companies, you've already come across its shortcomings - and these are amplified since you have a small security team. According to a Cynet 2021 survey of CISOs with small security teams, the biggest pain point in operating threat protection products, selected by 51% of companies and with a significant gap of 38% from the second place, is the overlapping capabilities of disparate technologies.

3 steps to meeting data privacy regulation compliance through identity programs
2021-03-31 06:00

Security teams need to manage these vulnerabilities to protect the data from a cyber-attack and ensure compliance with the latest data privacy regulations, such as the General Data Protection Regulation or the California Privacy Rights Act. The key to any data privacy compliance is proper data protection because under these laws, consumers retain the right to deny and revoke the collection of their data.

Nearly 40% of new ransomware families use both data encryption and data theft in attacks
2021-03-31 05:30

Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure. One of the most notable trends highlighted is the evolution of ransomware - attacks that extort organizations by preventing them from accessing their data.

Pair accused of turning photos into vids to crack tax dept facial recognition system in China
2021-03-31 05:05

A duo in China has been accused of tricking a government-run identity verification system to create fake invoices. According to state-controlled outlet Xinhua, the suspects tricked the State Taxation Administration platform's identity verification system by manipulating high-def photos with a widely available app that turns photos into videos.