Security News > 2021 > May

Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS Big Sur that has been exploited in attacks. Security researchers with Jamf, a firm that specializes in enterprise management software for Apple devices, say that the vulnerability has been actively exploited by the XCSSET malware, which infects Xcode projects to target Mac developers.

"You only want to learn the larger patterns in the data, and so what differential privacy is doing is adding some noise to hide those smaller patterns that you didn't want to know anyway," Bird explained. Others reach out to the SmartNoise team on GitHub, which has led to a more formal early adoption programme where Microsoft is helping organisations like Humana and the Educational Results Partnership build differential privacy into research programmes looking at health and education data.

From paralysing the internet in Estonia to a $4.4-million ransom being paid last week after the shutdown of a major US pipeline, we take a look back at 15 years of cyberattacks. The Baltic nation of Estonia was the first state hit by a massive cyberattack in 2007, paralysing key corporate and government web services for days.

The Republic of Korea took two bold steps into the future on Tuesday, by announcing that the last of its 2G networks will go offline in June and that it will initiate large-scale adoption of communications protected by quantum encryption. The quantum tests will build on demos conducted in 2020, but this time South Korea's government hopes to involve multiple industries and to educate them on the benefits of the tech and how to adopt it.

The upcoming physical return to the office is also set to bring the influx of IoT devices that may be installed on networks as part of new COVID-19 workplace compliance policies. Some of these devices may collect large quantities of personal data that needs to be protected and is subject to the GDPR. GDPR Privacy by Design.

A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese, which led to his arrest, guilty plea, and a sentence of 13 years and six months in prison. Liverpool resident Carl Stewart, 39, who went by the name "Toffeeforce" on now-defunct message service EncroChat, was sent down at Liverpool Crown Court after pleading guilty to charges of conspiring to supply cocaine, heroin, MDMA, and ketamine, and of transferring criminal property.

A former governor of the People's Bank of China has given a speech in which he suggested that China's Digital Yuan is not intended to increase China's influence over global financial systems. An unauthorised translation of the speech by Chinese journalist Zichen Wang reports that Zhou said China's digital currency "Is mainly targeted on the modernization of the domestic payment system, keeping pace with the digital economy and the Internet era, improving efficiency, and reducing costs, especially for the retail payment system".

The lingering question of application code security follows, as stories of security breaches continue to pour, and remote teams across the world adopt low code for faster application delivery. Most low code platforms enable non-technical users to build applications quickly and offer in-built security for various aspects of the application, such as APIs, data access, web front-ends, deployment, etc.

On top of being engaged 24/7 in the organization's actual breach protection activity, the CISO has another critical task: to articulate the risks, potential impacts and appropriate steps to take to the company's management - or in other words, they must effectively translate security issues for non-security-savvy executives in a clear and business-risk oriented manner. To address this need, Cynet introduces the ultimate 'Security for Management' PPT template: a first-of-its-kind tool to capture and sustain management mindshare and drive their proactive understanding and commitment.

That's why making security frictionless is key to securing private sector assets and, as a result, protecting national security interests. More security tools and more security spending does not necessarily equal more protection - cybercrime is as lucrative as ever even as organizations spend more on cybersecurity every year.