Security News > 2021 > April

Firefox's new feature automatically redirects from HTTP to HTTPS and should be considered a must-use for the security-minded. Now, here's the trick: A website might automatically direct your insecure call to the secure protocol, so HTTP automatically directs to HTTPS. When that happens, you're good to go.

The same North Korean threat actors that targeted security researchers in January appear to be readying a new campaign using a fake company that aim to lure security professionals into another cyber-espionage trap. While researchers have seen no evidence yet of nefarious activity from attackers that leverage these web assets, it appears that attackers are gearing up to target security researchers again by the nature of the activity, according to Google TAG. Like previous websites that Google TAG has observed Zinc establish, the SecuriElite website has a link to the group's PGP public key at the bottom of the page, researchers noted.

A mafia fugitive hiding out in the Dominican Republic was arrested when investigators found his YouTube cooking channel and identified him by his distinctive arm tattoos.

Shares of New York City-based IoT device maker Ubiquiti fell significantly this week following a report claiming that the recently disclosed data breach was "Catastrophic" and that its impact was downplayed. Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti "Massively downplayed" an incident that was actually "Catastrophic," in an effort to minimize impact on its value on the stock market.

Microsoft has fixed an Outlook bug that blocked users from forwarding or replying to emails containing embedded hyperlinks pointing to long URLs. Outlook for PC users experiencing this issue are seeing "Cannot send this item" errors according to customers' reports on Microsoft's community website.

An Israeli national has pleaded guilty to his role in operating DeepDotWeb, a website that functioned as a gateway to various Dark Web marketplaces, the U.S. Justice Department announced on Wednesday. The man, Tal Prihar, 37, together with co-defendant Michael Phan, 34, of Israel, owned and operated DeepDotWeb between October 2013 and May 2019, when the website was seized by authorities.

Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week. Ubiquiti added that incident response experts hired to investigate the breach didn't find evidence of customer information being targeted during the breach.

A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs. The vROps IT operations management product, specifically the vRealize Operations Manager API, is affected by a server-side request forgery vulnerability tracked as CVE-2021-21975, and an arbitrary file write issue tracked as CVE-2021-21983.

If you want to modernize your SOC to focus on detection and response you need to start by capturing the right data. The next challenge is improving data utilization by collaborating with the teams and organizations that make up your entire enterprise, to mitigate risk across your environment.

Cloud email security company Hornetsecurity announced buying Zerospam, a Canada-based company that provides cloud email protection solutions to SMBs in North America. Enterprise authentication technologies provider Plurilock Security is set to acquire all of the issued and outstanding securities of Aurora Systems Consulting, a California-based cybersecurity company that provides products and services to private and government organizations.