Security News > 2021 > May

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. "TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers said.

Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. The search giant said it plans to include a new safety section for app listings that highlights the type of data being collected and stored - such as approximate or precise location, contacts, personal information, photos and videos, and audio files - and how the data is used, whether be it for providing app functionality, personalization, or advertising.

Entrust introduced the Production Analytics Solution, designed to provide real-time data and actionable insights to optimize card issuance operations. With the complexity of card issuance environments and lack of real-time visibility into production system operations, card issuers have difficulty effectively overcoming efficiency challenges across the production ecosystem.

LogDNA launched a new browser logging capability, which makes it easier for full-stack and frontend developers to ingest frontend log data in LogDNA to more efficiently debug web applications. LogDNA's new Browser Logger addresses this need by automatically capturing errors and logs occurring in the user's browser and allowing dev teams to centralize those errors alongside server-side logs.

These solutions are integrated with SAP Extended Warehouse Management, with a second integration available for Ivanti Velocity Web Browser with SAP S/4HANA. The solutions enable customers in warehousing, transportation, logistics and retail organizations to increase productivity and deliver enhanced, consistent user experiences across devices. In addition to their availability on SAP Store, the SAP Integration and Certification Center has certified that Ivanti Speakeasy 1.0 and Ivanti Velocity 2.1 integrate with SAP S/4HANA using standard integration technologies.

MariaDB announced major new updates to MariaDB SkySQL cloud database, including expanded support for Amazon Web Services. Xpand is now GA in SkySQL and is at least a third less expensive than other distributed SQL options in AWS or Google Cloud Platform.

For Teams users, the new packages are specifically designed to complete the essential functionality of a fully integrated cloud communications platform by adding Unite's enterprise-grade business phone features to the Microsoft Teams business collaboration suite. This package is designed for business customers that are already using Teams for collaboration, but need the essential telephony features of a more robust business phone system.

Datadog announced the appointment of Adam Blitzer as Chief Operating Officer. Mr. Blitzer brings fourteen years of experience in the SaaS space.

Security Compass announced the expansion of its executive leadership team. In addition to the internal advancement of multiple strategic leaders, Rob Bentley has been named the company's first Chief Revenue Officer.

While ransomware attacks continued throughout the week, for the most part, it has been quieter than usual, with only a few new variants released. The biggest news was the attack on health care giant Scripps Health whose operations were severely impacted by a ransomware attack.