
Biden executive order bets big on zero trust for the future of US cybersecurity
2021-05-24 20:59

For the US government and its suppliers, this executive order represents massive change. This post focuses on the Executive Order on Improving the Nation's Cybersecurity and its impact on cybersecurity and the zero trust approach.

American Express Fined for Sending Millions of Spam Messages
2021-05-24 20:53

American Express Services Europe has been fined £90,000 by a U.K. regulator, which found the company illegally blasted out 4 million marketing emails to customers who had opted out of receiving them. Amex claimed the emails weren't marketing messages, but service communications, which are allowed under U.K. information privacy regulations.

Apple fixes three zero-days, one abused by XCSSET macOS malware
2021-05-24 19:40

Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections. In all three cases, Apple said that it is aware of reports that the security issues "may have been actively exploited," but it didn't provide details on the attacks or threat actors who may have exploited the zero-days.

Apple fixes three macOS, tvOS zero-day bugs exploited in the wild
2021-05-24 19:40

Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections. In all three cases, Apple said that it is aware of reports that the security issues "may have been actively exploited," but it didn't provide details on the attacks or threat actors who may have exploited the zero-days.

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug
2021-05-24 19:33

An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customers' personally identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field. The bug affects ReDi Restaurant Reservation versions prior to 21.0307, with a patched version of the plugin available for download. The vulnerability is a persistent cross-site scripting bug.

The Colonial Pipeline cyberattack is a (another) call for zero trust and resilience in industrial companies
2021-05-24 19:14

The incidents of the past month have confirmed the lack of cyber resilience in many industrial companies and are another reminder of the benefits of zero trust in mitigating the effects of ransomware. The industrial community must improve resilience in operational networks using zero trust strategies.

Legacy data protection and modern ransomware? The odds are not in your favor
2021-05-24 19:00

On the face of it, blunting a ransomware attack should be straightforward if you've got a solid data protection plan in place. Unsurprisingly, sophisticated ransomware attacks focus on seizing control of backups as a precursor to the main assault.

Naked Security Live – Jacked and hacked: how safe are tracking tags?
2021-05-24 18:48

Apple's AirTag product has been hacked twice since its recent launch, in a pair of fascinating and informative stories that give you some great insights into how cybersecurity researchers think. The good news is that you don't need to ditch your AirTags if you already splashed out and bought some - these "hacks" don't put your privacy at risk - and we explain why.

Bluetooth flaws allow attackers to impersonate legitimate devices
2021-05-24 18:43

Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle attacks. The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable mesh networking solutions.

Tulsa Computer System Hacks Stopped by Security Shutdown
2021-05-24 18:10

Most residents of Tulsa are being prevented from paying their water bills after the city shut down its computer network as a security measure following an attempted ransomware attack, a city official said Friday. The attempted breach was stopped before any personal data was accessed, city spokesman Carson Colvin said.