Security News > 2021 > April

SaaS Security Posture Management takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations' SaaS apps. It's unfortunate but true: SaaS attacks continue to increase.

Networks are under attack or they are not, cybercriminals are targeting a network or they aren't, and security tools either see and stop threats or they miss them. To break an attack sequence, security solutions need to detect and rapidly adjust their security posture to effectively stop threats, even zero-day attacks, that are still in progress.

The latest release of Chromium-based browser Vivaldi has extended ad blocking to handle cookie warning dialogs and sent a shot across the bows of Google's ad technology, FLoC. That first bit will appeal to anyone tired of the cookie dialogs and banners that have popped up in websites as a result of regulation. Vivaldi's take is to add cookie warnings to its ad blocking sources.

Some of the world's top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals...

Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip. It was reported earlier this week that one of the security holes patched in macOS Big Sur and Catalina has been exploited by a piece of malware known as Shlayer to bypass security mechanisms designed by Apple to protect users against malicious files downloaded from the internet, specifically file quarantine, Gatekeeper and notarization.

The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware attack earlier this month, on April 10.

Google has urged the UK's Supreme Court to throw out a £3bn lawsuit brought by an ex-Which director over secretly planted tracking cookies on devices running Safari, on the grounds that local law doesn't allow for opt-out class action lawsuits. The case, being heard over two days this week in the Supreme Court, the final court of appeal in Britain for civil cases, has huge implications for legal businesses and investors as well as data protection law.

The FluBot Android malware is spreading fast across Europe using an SMS package delivery scheme and it's soon expected to arrive in the United States as well, cybersecurity company Proofpoint warned this week. Initially observed in Spain, FluBot has since expanded operations to reach Germany, Hungary, Italy, Poland, and the UK as well, with tens of thousands of malicious SMS messages that leverage FedEx, DHL, and Correos lures being sent hourly.

After Faïd's helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.

The Ransomware Task Force, a public-party coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model. In a document released today, the Institute for Security and Technology provides a list of 48 actions that governments and leaders in the private sector can adopt to seriously curb the ransomware threat.