Security News > 2021 > May

Klarna mobile app bug let users log into other customers' accounts
2021-05-27 15:22

Klarna Bank suffered a severe technical issue this morning that allowed mobile app users to log into other customers' accounts and see their stored information. Today, customers reported that when they logged into the Klarna mobile app, they were shown the account information for other users instead of seeing their own accounts.

DataDome Raises $35 Million for Its Anti-Bot Solution
2021-05-27 15:01

DataDome, a company that provides a SaaS solution for protecting businesses against bad bots and fraud, this week announced that it raised $35 million in a Series B funding round. The investment round, which brings the company's total funding to nearly $40 million, was led by venture capital firm Elephant, with participation from ISAI. DataDome plans on investing the money in sales, marketing, and R&D. DataDome has developed an AI-powered platform that processes vast amounts of data in an effort to provide protection against various types of online threats, including payment fraud, DDoS attacks, account takeover attempts, and web scraping.

How to achieve persistent SSH connections with the open source MOSH
2021-05-27 14:54

You don't want that, which is why you should employ a tool like MOSH. MOSH stands for Mobile Shell and makes it possible for you to keep a persistent SSH connection, even if you change networks or your connection momentarily drops. Under the hood, MOSH logs the user in via SSH and then starts a connection on a UDP port between 60000 and 61000, to keep the connection persistent.

US Pipelines Ordered to Increase Cyber Defenses After Hack
2021-05-27 14:24

U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive in response to the ransomware hack that disrupted gas supplies in several states this month. The Transportation Security Administration directive being issued Thursday will also mandate that the owners and operators of the nation's pipelines report any cyber incidents to the federal government and have a cybersecurity coordinator available at all times to work with authorities in the event of an attack like the one that shut down Colonial Pipeline.

Vulnerabilities in Visual Studio Code Extensions Expose Developers to Attacks
2021-05-27 14:09

Vulnerabilities in Visual Studio Code extensions could be exploited by malicious attackers to steal valuable information from developers and even compromise organizations, researchers with open-source software security firm Snyk say. Generally considered secure, VS Code extensions could expose millions of developers to malicious attacks, potentially leading to the compromise of information stored on developer machines, such as credentials, or even opening the route to further attacks.

Fujitsu SaaS Hack Sends Govt. of Japan Scrambling
2021-05-27 13:56

Threat actors have stolen files from several official government agencies of Japan by hacking into Fujitsu's software-as-a-service platform and gaining access to its systems. ProjectWEB is a cloud-based enterprise collaboration and file-sharing platform that Fujitsu has operated since the mid-2000s, and which a number of agencies within the Japanese government currently use.

US announces new security directive after critical pipeline hack
2021-05-27 13:48

The US Department of Homeland Security has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. The new security directive requires critical pipeline owners and operators to report any confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.

Facebook Adapts Defenses as Deception Campaigns Go Stealth
2021-05-27 13:42

Facebook said Wednesday that it has disrupted more than 150 deceptive influence schemes since 2017, with Russia the biggest single source, as culprits strive to stay "under the radar." The number of coordinated inauthentic behavior campaigns derailed at the leading social network ramped up each year since a Russia-linked operation to sway the outcome of the 2016 US presidential election put Facebook on the defensive.

Why Evaluating Cybersecurity Prior to Mergers and Acquisitions is Necessary
2021-05-27 13:23

Given the rise in third-party breaches, including successful wide-scale attacks against major technology providers such as SolarWinds and Microsoft, Third Party Risk Management is becoming a critical concern for security teams responsible for the secure integration of third-party systems and infrastructure during mergers and acquisitions. With limited review time to evaluate security risks, firms engaged in mergers and acquisitions must hone in on specific areas of cybersecurity and dangers including "outside the firewall" if they are to successfully identify and mitigate risks associated with their investments.

NASA Identified Over 6,000 Cyber Incidents in Past 4 Years
2021-05-27 13:17

The U.S. National Aeronautics and Space Administration identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA's Office of Inspector General. NASA has institutional systems, which are used for the day-to-day work of employees - these include data centers, web services, computers and networks.