Security News > 2021 > May

Snowden was right, rules human rights court as it declares UK spy laws broke ECHR
2021-05-25 17:08

Surveillance laws permitting GCHQ to operate its Tempora dragnet mass surveillance system broke the law, the European Court of Human Rights has ruled. "The Court considers that, when viewed as a whole, the section 8(4) regime, despite its safeguards... did not contain sufficient 'end-to-end' safeguards to provide adequate and effective guarantees against arbitrariness and the risk of abuse," ruled the European Court of Human Rights's Grand Chamber.

Trend Micro Bugs Threaten Home Network Security
2021-05-25 16:41

Three security vulnerabilities have been found in Trend Micro's Home Network Security systems, which can allow denial of service, privilege escalation, code execution and authentication bypass. The Home Network Security Station is an all-in-one device that scans connected devices for vulnerabilities, performs intrusion detection and allows consumers to control access settings for all devices on the network.

Expert: Biden's executive order on cybersecurity is a good start toward protecting organizations
2021-05-25 16:19

TechRepublic's Karen Roby spoke with Jennifer Bisceglie, CEO of Interos, about President Joe Biden's executive order on cybersecurity. The first one talks about all software that the government purchases needs to meet new cybersecurity standards within six months, so they actually put a timeframe around it, around multi-factor authentication, endpoint detection and response of software.

Some cybersecurity weak spots will be strengthened by Biden's executive order, expert says
2021-05-25 16:17

There's still a lot of work to be done, but it will help companies feel better about reporting breaches and sharing information.

Brit watchdog shows some teeth over McAfee antivirus auto-renewals
2021-05-25 15:46

The UK's Competition and Markets Authority has reached agreement with antivirus vendor McAfee that means some customers whose software subscription was automatically renewed will be able to get a refund. It's quite the slap on the wrist for McAfee, whose software tends to be bundled with a large number of devices sold in the UK. Customers who signed up with the company may not have understood the ins and outs of auto-renewal, hence the CMA action.

Combatting Insider Threats with Keyboard Security
2021-05-25 15:20

As cyberattacks snowball and insider threats become an ever-larger part of the problem, it may be time to move beyond purely software-based cyber-defenses. Insider threats have become an alarmingly significant source of risk.

Gartner: Global Security Spending Will Reach $150 Billion in 2021
2021-05-25 15:06

Research and advisory giant Gartner predicts that global security and risk management spending will exceed $150 billion this year. The company forecasts that information security and risk management will grow by more than 12 percent in 2021.

Bose Admits Ransomware Hit: Employee Data Accessed
2021-05-25 15:06

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled "across Bose's environment" and resulted in the possible exfiltration of employee data. "In conjunction with expert third-party forensics providers, Bose further initiated a comprehensive process to investigate the incident. Given the sophistication of the attack, Bose carefully, and methodically, worked with its cyber-experts to bring its systems back online in a safe manner."

Iranian hacking group targets Israel with wiper disguised as ransomware
2021-05-25 15:00

An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign. "Initially engaged in espionage activity, Agrius deployed a set of destructive wiper attacks against Israeli targets, masquerading the activity as ransomware attacks," said Amitai Ben Shushan Ehrlich, Threat Intelligence Researcher at SentinelOne.