Security News > 2021 > May

The bug listed here is what's known as a Universal Cross-site Scripting vulnerability, which means it's a way for attackers to access private browser data from website X while you are browsing on booby-trapped website Y. That's definitely not supposed to happen. Your browser is supposed to stop data such as cookies "Leaking" between websites, or else site Y could peek at data such as your login details for site X, and abuse that site-specific data to masquerade as you on site X and hijack your account.

Managed detection and response solutions provider Huntress on Thursday announced raising $40 million in a Series B funding round, which brings the total raised by the company to $60 million. The Series B round, led by JMI Equity, will help the company expand its platform.

Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform. Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues.

World Password Day was created by Intel in 2013 to raise awareness of the need for strong passwords, but many experts now use the occasion to urge organizations to replace passwords with other, more secure authentication methods. World Password Day is observed every year on the first Thursday of May, and in 2021 that is today, May 6.

Nice video of a talk by Chris Shore on the history of Colossus.

US tech giant Microsoft pledged Thursday to process and store all European cloud-based client data in the European Union amid unease in the region over the reach of US legislation on personal data collection. Microsoft's European clients have long been concerned over the legal status of data they store with US companies in the cloud and the extent to which they could be scrutinized by US authorities.

On world password day, data from Onfido serves as a reminder that most people don't follow password recommendations, probably never will, and that means it's time to find a new security standard. World password day 2021 is upon us, serving as yet another reminder to use unique passwords, update those that may be compromised and practice good password hygiene.

Let's consider the benefits of concealing network infrastructure and activity from the outside world to reduce the enterprise attack surface. Network privacy is a new and often overlooked concept that can enable an organization to protect its identity, intellectual property, corporate information and customer data while conducting business over the Internet.

A high severity security vulnerability found in Qualcomm's Mobile Station Modem chips could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations. Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi.

A Reg reader recreated this scene in real life using his Samsung Galaxy A20 phone - and the severed tip of his index finger, parted from his hand thanks to an industrial accident involving a crane. "I extracted from its grave of medicinal alcohol, dried it off and... eureka! ... managed to register my dead finger on my phone."