Microsoft Edge crashes when watching full screen YouTube videos
2021-05-07 15:01

A Microsoft Edge bug is causing the browser to become unresponsive and crash while watching YouTube videos or reading comments. In our tests, Microsoft Edge would become unresponsive when watching a video, and a circular loading graphic would appear.

Under the Microscope: ISACA Survey on Cybersecurity Workforce, Resources and Budgets
2021-05-07 14:28

ISACA's 2021 report on the cybersecurity workforce sees little adverse effect from the pandemic on cybersecurity during 2020, but notes a continued downward pressure on budgets and a correlation between the number of unfilled positions and staff retention, and the number of cyberattacks experienced. The ISACA State of Cybersecurity 2021, Part 1 is a report on the survey of 3,659 cybersecurity professionals to evaluate workforce efforts, resources and budgets.

CISA Analyzes FiveHands Ransomware
2021-05-07 14:03

The U.S. Cybersecurity and Infrastructure Security Agency has published an analysis of the FiveHands ransomware, roughly one week after FireEye's Mandiant security researchers reported seeing the malware in recent attacks. Written in C++, the FiveHands ransomware appears to be the successor of DeathRansom, based on code similarities between the two.

80% of Net Neutrality Comments to FCC Were Fudged
2021-05-07 13:56

A secret campaign by the broadband industry to offer support to roll back net neutrality resulted in fake comments comprising more than 40 percent of those sent to the FCC during the public comments phase of its decision, according to the report by the New York State Office of the Attorney General. On the other side of the debate, a 19-year-old college student who opposed the repeal of net neutrality managed to file more than 7.7 million pro-neutrality comments with the FCC by fabricating people's names and addresses using software.

Teaching Cybersecurity to Children
2021-05-07 13:36

Rote learning is often defined as the memorization of information based on repetition; it can also be called learning by "sitting next to Nellie". Less obvious is that learning to add, subtract, multiply and divide is also "learning by rote"; this time, however, it's not the facts in the tables but the rules by which you do the operations.

Investment Scammer John Davies Reinvents Himself?
2021-05-07 13:15

Bernard found a constant stream of new marks by offering extraordinarily generous finders fees to investment brokers who could introduce him to companies seeking an infusion of cash. "Perhaps the leading reason for acquiring an aged entity in general is credibility," explains TBA & Associates, a company co-registered in the UK and New Zealand that has created hundreds of shelf companies for sale, including Hempton Business Management LLP in 2017.

Twitter Tip Jar may expose PayPal address, sparks privacy concerns
2021-05-07 13:11

Twitter 'Tip Jar' may expose your PayPal shipping address. "For now, a limited group of people around the world who use Twitter in English can add Tip Jar to their profile and accept tips."

Android App Developers Required by Google to Share More Info on Data Handling
2021-05-07 13:04

Google this week announced that it is introducing a new policy for the Google Play app store, requiring all developers to provide information on their data collection practices. Planned as a safety section in Google Play, the change is expected to "help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security."

TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
2021-05-07 12:36

Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service attacks against authoritative DNS servers, a group of researchers warned this week. Google and Cisco, both of which provide widely used DNS services, have deployed patches for TsuNAME, but the researchers believe many servers are still vulnerable to attacks.

DevOps is getting code released faster than ever. But security is lagging behind
2021-05-07 12:34

DevSecOps tools are enabling developers to release new code faster than ever - yet testing, code review and disagreements over who is in charge of security remain sticking points within organizational teams, according to GitLab's latest industry survey. Just over 84% of developers reported they were releasing code faster than before, with 57% reporting that code was being released twice as fast - a significant jump from last year's 35%. Nearly one in five said code was going out the door 10x faster.